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Abstract 


This memo defines a portion of the Management Information Base (MIB) 
for use with network management protocols in TCP/IP-based internets. 
In particular, it defines two MIB modules for managing the 
capabilities of MAC bridges defined by the IEEE 802.1D-1998 (TM) MAC 
Bridges and the IEEE 802.10-2003 (TM) Virtual LAN (VLAN) standards 
for bridging between Local Area Network (LAN) segments. One MIB 
module defines objects for managing the 'Traffic Classes” and 
‘Enhanced Multicast Filtering’ components of IEEE 802.1D-1998 and 
P802.1t-2001 (TM). The other MIB module defines objects for managing 
VLANs, as specified in IEEE 802.10-2003, P802.1lu (TM), and P802.1v 
(TM) . 


Provisions are made for support of transparent bridging. Provisions 
are also made so that these objects apply to bridges connected by 


subnetworks other than LAN segments. 


This memo supplements RFC 4188 and obsoletes RFC 2674. 
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1. The Internet-Standard Management Framework 


For a detailed overview of the documents that describe the current 
Internet-Standard Management Framework, please refer to section 7 of 
RFC 3410 [RFC3410]. 


Managed objects are accessed via a virtual information store, termed 
the Management Information Base or MIB. MIB objects are generally 
accessed through the Simple Network Management Protocol (SNMP). 
Objects in the MIB are defined using the mechanisms defined in the 
Structure of Management Information (SMI). This memo specifies a MIB 
module that is compliant to the SMIv2, which is described in STD 58, 
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 
[RFC2580]. 


2. Overview 


A common device present in many networks is the Bridge. This device 
is used to connect Local Area Network segments below the network 
layer. These devices are often known as 'layer 2 switches’. 


The transparent method of bridging is defined by IEEE 802.1D-1998 
[802.1D]. Managed objects for transparent bridging are defined in 
the BRIDGE-MIB [BRIDGE-MIB]. 


The original IEEE 802.1D is augmented by IEEE 802.10-2003 [802.10] to 
provide support for ’virtual bridged LANs’ where a single bridged 
physical LAN network may be used to support multiple logical bridged 
LANs, each of which offers a service approximately the same as that 
defined by IEEE 802.1D. Such virtual LANs (VLANs) are an integral 
feature of switched LAN networks. A VLAN can be viewed as a group of 
end-stations on multiple LAN segments and can communicate as if they 
were on a single LAN. IEEE 802.10 defines port-based Virtual LANs 
where membership is determined by the bridge port on which data 
frames are received, and port-and-protocol-based Virtual LANs where 
membership is determined by the bridge port on which frames are 


received and the protocol identifier of the frame. This memo defines 
the objects needed for the management of port-based VLANs in bridge 
entities. 


This memo supplements RFC 4188 [BRIDGE-MIB] and obsoletes RFC 2674 
[RFC2674]. 


2.1. Scope 
The MIB modules defined in this document include a comprehensive set 


of managed objects that attempts to match the set defined in IEEE 
802.1D and IEEE 802.10. However, to be consistent with the spirit of 
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the SNMP Framework, a subjective judgement was made to omit the 
objects from those standards most 'costly” to implement in an agent 
and least ’essential’ for fault and configuration management. The 
omissions are described in Section 3 below. 


Historical note: 


The original BRIDGE-MIB [RFC1493] used the following principles for 
determining inclusion of an object in the BRIDGE-MIB module: 


(1) Start with a small set of essential objects and add only as 
further objects are needed. 


(2) Require that objects be essential for either fault or 
configuration management. 


(3) Consider evidence of current use and/or utility. 
(4) Limit the total number of objects. 
(5) Exclude objects that are simply derivable from others in this 


or other MIBs. 


(6) Avoid causing critical sections to be heavily instrumented. 
The guideline that was followed is one counter per critical 
section per layer. 


3. Structure of MIBs 


This document defines objects that supplement those in the BRIDGE-MIB 
module [BRIDGE-MIB]. Section 3.4.3 of the present document contains 

some recommendations regarding usage of objects in the BRIDGE-MIB by 

devices implementing the enhancements defined here. 


An extended bridge MIB module P-BRIDGE-MIB defines managed objects 
for the traffic class and multicast filtering enhancements defined by 
IEEE 802.1D-1998 [802.1D], including the Restricted Group 
Registration control defined by IEEE P802.1t [802.1t]. 


A virtual bridge MIB module Q-BRIDGE-MIB defines managed objects for 
the Virtual LAN bridging enhancements defined by IEEE 802.10-2003 
[802.10], including the Restricted VLAN Registration control, defined 
by IEEE P802.1u [802.1u], and the VLAN Classification by Protocol and 
Port enhancement, defined by IEEE P802.1v [802.1v]. 
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3.1. Structure of Extended Bridge MIB Module 


Objects in this MIB are arranged into subtrees. Each subtree is 
organized as a set of related objects. The overall structure and 
assignment of objects to their subtrees is shown below. 


3.1.1. Relationship to IEEE 802.1D-1998 Manageable Objects 


This section contains a cross-reference to the objects defined in 
IEEE 802.1D-1998 [802.1D]. It also details those objects that are 
not considered necessary in this MIB module. 


Some objects defined by IEEE 802.1D-1998 have been included in the 
virtual bridge MIB module rather than this one: entries in 
dotlqTpGroupTable, dotlqForwardAllTable, and 
dotlqForwardUnregisteredTable are required for virtual bridged LANs 
with additional indexing (e.g., per-VLAN, per-Filtering-Database 
(per-FDB)) and so are not defined here. Instead, devices that do not 
implement virtual bridged LANs but do implement the Extended 
Forwarding Services defined by IEEE 802.1D (i.e., dynamic learning of 
multicast group addresses and group service requirements in the 
filtering database) should implement these tables with a fixed value 
for dotlqFdbId (the value 1 is recommended) or dotlqVlanIndex (the 
value 1 is recommended). Devices that support Extended Filtering 
Services should support dotlqTpGroupTable, dotlqForwardAllTable, and 
dotlqForwardUnregisteredTable. 


Extended Bridge MIB Name IEEE 802.1D-1998 Name 


dotldExtBase Bridge 
dotidDeviceCapabilities 
dotidExtendedFilteringServices 
dotldTrafficClasses 
dotldTrafficClassesEnabled 
dotldGmrpStatus .ApplicantAdministrativeControl 
dotidPriority 
dotidPortPriorityTable 
dotidPortDefaultUserPriority .UserPriority 
dotidPortNumTrafficClasses 
dotidUserPriorityRegenTable .UserPriorityRegenerationTable 
dotidUserPriority 
dotidRegenUserPriority 
dotldTrafficClassTable .TrafficClassTable 
dotldTrafficClassPriority 
dotldTrafficClass 
dotidPortOutboundAccessPriorityTable 
.OutboundAccessPriorityTable 
dot1dPortOutboundAccessPriority 


Levi & Harrington Standards Track [Page 5] 


RFC 4363 Bridge MIB Extensions January 2006 


dotidGarp 
dotldPortGarpTable 
dotidPortGarpJoinTime .JoinTime 
dotidPortGarpLleaveTime .LeaveTime 
dotidPortGarpLeaveAllTime .LeaveAllTime 
dot1dGmrp 
dotidPortGmrpTable 
dotidPortGmrpStatus -ApplicantAdministrativeControl 
dotidPortGmrpFailedRegistrations .FailedRegistrations 
dotidPortGmrpLastPduOrigin -OriginatorOfLastPDU 


dotldPortRestrictedGroupRegistration 
Restricted Group Registration 
(Ref. IEEE 802.1t 10.3.2.3) 


dotldTp 

dotldTpHCPortTable 
dot1dTpHCPortInFrames .BridgePort .FramesReceived 
dotldTpHCPortOutFrames .ForwardOutBound 
dotldTpHCPortInDiscards .DiscardInbound 

dotldTpPortOverflowTable 
dotldTpPortInOverflowFrames .BridgePort.FramesReceived 
dotldTpPortOutOverflowFrames .ForwardOutBound 
dot1dTpPortInOverflowDiscards .DiscardInbound 


The following IEEE 802.1D-1998 management objects have not been 
included in the Bridge MIB for the indicated reasons. 


IEEE 802.1D-1998 Object Disposition 


Bridge. StateValue not considered useful 
Bridge.ApplicantAdministrativeControl 
not provided per-attribute 
(e.g., per-VLAN, per-Group). 
Only per-{device,port,application} 
control is provided in this MIB. 


notify group registration failure not considered useful 
(IEEE 802.1t 14.10.1.2) 


3.1.2. Relationship to IEEE 802.10 Manageable Objects 
This section contains section number cross-references to manageable 
objects defined in IEEE 802.10-2003 [802.10]. These objects have 


been included in this MIB as they provide a natural fit with the IEEE 
802.1D objects with which they are co-located. 
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Extended Bridge MIB Name IEEE 802.10-2003 Section and Name 


dotidExtBase Bridge 
dotidDeviceCapabilities 
dotlgStaticEntryIndividualPort 5.2 implementation options 
dotligIVLCapable 
dotlqSVLCapable 
dotiqHybridCapable 
dotiqConfigurablePvidTagging 12.10.1.1 read bridge vlan 
config 
dotidLocalVlanCapable 
dotidPortCapabilitiesTable 
dotidPortCapabilities 
dotiqpotlqTagging 5.2 implementation options 
dotiqConfigurableAcceptableFrameTypes 
5.2 implementation options 
dotiqingressFiltering 5.2 implementation options 


3.1.3. The dotldExtBase Subtree 


This subtree contains the objects that are applicable to all bridges 
implementing the traffic class and multicast filtering features of 
IEEE 802.1D-1998 [802.1D]. It includes per-device configuration of 
Generic Attribute Registration Protocol (GARP) and GARP Multicast 
Registration Protocol (GMRP) protocols. 


3.1.4. The dotldPriority Subtree 
This subtree contains the objects for configuring and reporting 
status of priority-based queuing mechanisms in a bridge. This 
includes per-port user _ priority treatment, mapping of user priority 
in frames into internal traffic classes, and outbound user priority 
and access _ priority. 


3.1.5. The dotldGarp Subtree 


This subtree contains the objects for configuring and reporting on 
operation of the Generic Attribute Registration Protocol (GARP). 


3.1.6. The dotldGmrp Subtree 


This subtree contains the objects for configuring and reporting on 
operation of the GARP Multicast Registration Protocol (GMRP). 
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3.1.7. The dotldTpHCPortTable 


This table extends the dotldTp subtree from the BRIDGE-MIB 
[BRIDGE-MIB] and contains the objects for reporting port-bridging 
statistics for high-capacity network interfaces. 


3.1.8. The dotldTpPortOverflowTable 


This table extends the dotldTp subtree from the BRIDGE-MIB 
[BRIDGE-MIB] and contains the objects for reporting the upper bits of 
port-bridging statistics for high-capacity network interfaces for 
when 32-bit counters are inadequate. 


3.2. Structure of Virtual Bridge MIB module 


Objects in this MIB are arranged into subtrees. Each subtree is 
organized as a set of related objects. The overall structure and 
assignment of objects to their subtrees is shown below. Some 
manageable objects defined in the BRIDGE-MIB [BRIDGE-MIB] need to be 
indexed differently when they are used in a VLAN bridging 
environment: these objects are, therefore, effectively duplicated by 
new objects with different indexing, which are defined in the Virtual 
Bridge MIB. 


3.2.1. Relationship to IEEE 802.10 Manageable Objects 


This section contains section-number cross-references to manageable 


objects defined in clause 12 of IEEE 802.10-2003 [802.10]. It also 
details those objects that are not considered necessary in this MIB 
module. 


Note: Unlike IEEE 802.1D-1998, IEEE 802.10-2003 [802.10] did not 
define exact syntax for a set of managed objects. The following 
cross-references indicate the section numbering of the descriptions 
of management operations from clause 12 in the latter document. 


Virtual Bridge MIB object IEEE 802.10-2003 Reference 
dotlqBase 

dotliqVlanVersionNumber 12.10.1.1 read bridge vlan config 

dotiqMaxVlanId 12.10.1.1 read bridge vlan config 

dotiqMaxSupportedVlans 12.10.1.1 read bridge vlan config 

dotlqNumVlans 

dotlaGvrpStatus 12.9.2.1/2 read/set garp 

applicant controls 

dotlqTp 

dotliqFdbTable 

dotlqFdbId 
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dot1gFdbDynamicCount 12.7.1.1.3 read filtering d/base 

dotlqTpFdbTable 
dotlqTpFdbAddress 
dotlqTpFdbPort 
dotliqTpFdbStatus 

dotlqTpGroupTable 12.7.7.1 read filtering entry 
dotlqTpGroupAddress 
dotlqTpGroupEgressPorts 
dotlqTpGroupLearnt 

dotiqForwardAllTable 12.7.7.1 read filtering entry 
dotlqForwardAllPorts 
dotligForwardAllStaticPorts 
dot1gForwardAllForbiddenPorts 

dotl1gForwardUnregisteredTable 12.7.7.1 read filtering entry 
dot1gForwardUnregisteredPorts 
dot1gForwardUnregisteredStaticPorts 
dotiqForwardUnregisteredForbiddenPorts 

dotiqStatic 
dotiqStaticUnicastTable 12.7.7.1 create/delete/read 
filtering entry 
12.7.6.1 read permanent database 

dotiqStaticUnicastAddress 
dotiqStaticUnicastReceivePort 
dotiqStaticUnicastAllowedToGoTo 
dotiqStaticUnicastStatus 

dotiqStaticMulticastTable 12.7.7.1 create/delete/read 

filtering entry 
12.7.6.1 read permanent database 

dotiqStaticMulticastAddress 
dotiqStaticMulticastReceivePort 
dotlqStaticMulticastStaticEgressPorts 
dotiqStaticMulticastForbiddenEgressPorts 
dotiqStaticMulticastStatus 


dotiqVlan 
dotlqVlanNumDeletes 
dotiqVlanCurrentTable 12.10.2.1 read vlan configuration 
12.10.3.5 read VID to FID 
allocations 
12.10.3.6 read FID allocated to 
VID 
12.10.3.7 read VIDs allocated to 
FID 
dotiqVlanTimeMark 
dotlqVlanindex 
dotlqVlanFdbId 


dotiqVlanCurrentEgressPorts 
dotiqVlanCurrentUntaggedPorts 
dotlqVlanStatus 
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dotiqVlanCreationTime 
dotiqVlanStaticTable 


dotiqVlanStaticName 
dotliqVlanStaticEgressPorts 
dotliqVlanForbiddenEgressPorts 
dotiqVlanStaticUntaggedPorts 
dotiqVlanStaticRowStatus 
dotlqNextFreeLocalVlaniIndex 
dotlqPortVlanTable 


dotlaPvid 
dotlqPortAcceptableFrameTypes 


dotlqPortIngressFiltering 


dotlqPortGvrpStatus 


12 


12 


12% 
T2’; 


12 


12;; 


12;; 
12: 


L2;; 


12 


dotiqPortGvrpFailedRegistrations 


dotiqPortGvrpLastPduOrigin 


January 2006 


.7.7.1/2/3 create/delete/read 


filtering entry 


.7.6.1 read permanent database 


10.2.2 create vlan config 
10.2.3 delete vlan config 


.4.1.3 set bridge name 


10. 


10. 
10. 


10. 


N 


¿3 


.4 


read bridge vlan 
configuration 
configure PVID values 
configure acceptable 
frame types parameter 
configure ingress 
filtering parameters 


.9.2.2 read/set garp applicant 


dotlgPortRestrictedVlanRegistration 
IEEE 802.1u 11.2.3.2.3 


dotiqPortVlanStatisticsTable 


dotlqTpVlanPortiInFrames 
dotlqTpVlanPortOutFrames 
dotigqTpVlanPortInDiscards 


dotlqTpVlanPortInOverflowFrames 


controls 


Restricted VLAN Registration 


12.6.1.1 read forwarding port 


dotlqTpVlanPortOutOverflowFrames 
dot1qTpVlanPortInOverflowDiscards 


dotiqPortVlanHCStatisticsTable 


dotlqTpVlanPortHCInFrames 

dotlqTpVlanPortHCOutFrames 

dotiqTpVlanPortHCInDiscards 
dotiqLearningConstraintsTable 


dotiqConstraintVlan 
dotiqConstraintsSet 
dotiqConstraintType 
dotiqConstraintStatus 
dotiqConstraintSetDefault 
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12 


12 


12 


counters 


.6.1.1 read forwarding port 


counters 


.10.3.1/3/4 read/set/delete 
vlan learning constraints 
.10.3.2 read vlan learning 
constraints for VID 


Standards Track 
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dotlqConstraintTypeDefault 


dotlvProtocol IEEE 802.1v Reference: 
dotlvProtocolGroupTable 8.6.4 Protocol Group Database, 
8.6.2 Protocol Template 
dotlvProtocolTemplateFrameType 
dotlvProtocolTemplateProtocolValue 


dotlvProtocolGroupld 8.6.3 Protocol Group Identifier 
dotlvProtocolGroupRowStatus 
dotivProtocolPortTable 8.4.4 VID Set for each Port 


dotlivProtocolPortGroupIid 
dotlvProtocolGroupVid 
dotlvProtocolPortRowStatus 


The following IEEE 802.10 management objects have not been included 
in the Bridge MIB for the indicated reasons. 


IEEE 802.10-2003 Operation Disposition 
reset bridge (12.4.1.4) not considered useful 
reset vlan bridge (12.10.1.5) not considered useful 


read forwarding port counters (12.6.1.1) 
discard on error details not considered useful 


read permanent database (12.7.6.1) 


permanent database size not considered useful 
number of static filtering count rows in 
entries dotiqStaticUnicastTable + 
dotiqStaticMulticastTable 
number of static VLAN count rows in 
registration entries dotiqVlanStaticTable 
read filtering entry range use GetNext operation. 
(12.7.7.4) 


read filtering database (12.7.1.1) 


filtering database size not considered useful 
number of dynamic group address count rows applicable to each 
entries (12.7.1.3) FDB in dotldTpGroupTable 
read garp state (12.9.3.1) not considered useful 
notify vlan registration failure not considered useful 
(12.10.1.6) 
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notify learning constraint violation 
(12 0:.3:2,1:0:) not considered useful 


3.2.2. The dotlqBase Subtree 


This subtree contains the objects that are applicable to all bridges 
implementing IEEE 802.10 virtual LANs. 


3.2.3. The dotlqTp Subtree 


This subtree contains objects that control the operation and report 
the status of transparent bridging. This includes management of the 
dynamic Filtering Databases for both unicast and multicast 
forwarding. This subtree will be implemented by all bridges that 
perform destination-address filtering. 


3.2.4. The dotlgStatic Subtree 


This subtree contains objects that control static configuration 
information for transparent bridging. This includes management of 
the static entries in the Filtering Databases for both unicast and 
multicast forwarding. 


3.2.5. The dotlqVlan Subtree 


This subtree contains objects that control configuration and report 
status of the Virtual LANs known to a bridge. This includes 
management of the statically configured VLANs as well as reporting 
VLANs discovered by other means (e.g., GARP VLAN Registration 
Protocol (GVRP)). It also controls configuration and reports status 
of per-port objects relating to VLANs and reports traffic statistics. 
It also provides for management of the VLAN Learning Constraints. 


3.3. Textual Conventions 


Various Working Groups have defined standards-track MIB documents 
(for example, [RFC2613] and [RFC3318]), that contain objects and 
Textual Conventions to represent a Virtual Local Area Network 
Identifier (VLAN-ID) [802.10]. New definitions are showing up in 
various documents (for example, [RFC4323] and [RFC4149]). 
Unfortunately, the result is a set of different definitions for the 
same piece of management information. This may lead to confusion and 
unnecessary complexity. In order to address this situation, three 
new textual conventions are defined in the Q-BRIDGE-MIB, called 
VlanIdOrAny, VlanIdOrNone, and VlanIdOrAnyOrNone. These new textual 
conventions should be (re)used in MIB modules so that they all 
represent a VLAN-ID in the same way. 
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3; 


3: 


s4 


4. 


4 


These textual conventions provide a means to specify MIB objects that 
refer to a specific VLAN, to any VLAN, or to no VLAN. For an example 
of how these textual conventions might be used, consider a MIB 
object, with SYNTAX of VlanIdOrAnyOrNone, that specifies the VLAN on 
which to accept incoming packets of a particular protocol. Such an 
object would allow the device to be configured to accept packets of 
this protocol received with a specific 802.1q tag value, with any 
802.1q tag value, or with no 802.1q tag. Note that a MIB object that 
is defined using one of these textual conventions should clarify the 
meaning of ‘any VLAN’ and/or ‘no VLAN’ in its DESCRIPTION clause. 


Relationship to Other MIBs 


As described above, some IEEE 802.1D management objects have not been 
included in this MIB because they overlap with objects in other MIBs 
applicable to a bridge implementing this MIB module. 


1. Relationship to the SNMPv2-MIB 


The SNMPv2-MIB [RFC3418] defines objects that are generally 
applicable to managed devices. These objects apply to the device as 
a whole, irrespective of whether bridging is the device’s sole 
functionality or only a subset of the device’s functionality. 


Full support for the 802.1D management objects requires that the 
SNMPv2-MIB objects sysDescr and sysUpTime be implemented. Note that 
compliance to the current SNMPv2-MIB module requires additional 
objects and notifications to be implemented as specified in RFC 3418 
[RFC3418]. 


.2. Relationship to the IF-MIB 


The IF-MIB, [RFC2863], requires that any MIB that is an adjunct of 
the IF-MIB clarify specific areas within the IF-MIB. These areas 
were intentionally left vague in the IF-MIB in order to avoid over- 
constraining the MIB, thereby precluding management of certain 
media-types. 


The IF-MIB enumerates several areas that a media-specific MIB must 
clarify. Each of these areas is addressed in a following subsection. 
The implementor is referred to the IF-MIB in order to understand the 
general intent of these areas. 


The IF-MIB [RFC2863] defines managed objects for managing network 
interfaces. A network interface is considered attached to a 
‘subnetwork’. (Note that this term is not to be confused with 
‘subnet’, which refers to an addressing partitioning scheme used in 
the Internet suite of protocols.) The term ’segment’ is used in this 
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memo to refer to such a subnetwork, whether it be an Ethernet 
segment, a ‘ring’, a WAN link, or even an X.25 virtual circuit. 


Full support for the 802.1D management objects requires that the 
IF-MIB objects ifIndex, ifType, ifDescr, ifPhysAddress, and 
ifLastChange are implemented. Note that compliance to the current 
IF-MIB module requires additional objects and notifications to be 
implemented as specified in RFC 2863 [RFC2863]. 


Implicit in this Extended Bridge MIB is the notion of ports on a 
bridge. Each of these ports is associated with one interface of the 
‘interfaces’ subtree (one row in ifTable), and, in most situations, 
each port is associated with a different interface. However, there 
are situations in which multiple ports are associated with the same 
interface. An example of such a situation would be several ports 
each corresponding one-to-one with several X.25 virtual circuits but 
all on the same interface. 


Each port is uniquely identified by a port number. A port number has 
no mandatory relationship to an interface number, but in the simple 
case a port number will have the same value as the corresponding 
interface's interface number. Port numbers are in the range 
(1..dotldBaseNumPorts). 


Some entities perform other functionality as well as bridging through 
the sending and receiving of data on their interfaces. In such 
situations, only a subset of the data sent/received on an interface 
is within the domain of the entity’s bridging functionality. This 
subset is considered delineated according to a set of protocols, with 
some protocols being bridged, and other protocols not being bridged. 
For example, in an entity that exclusively performed bridging, all 
protocols would be considered bridged, whereas in an entity that 
performed IP routing on IP datagrams and only bridged other 
protocols, only the non-IP data would be considered bridged. 


Thus, this Extended Bridge MIB (and in particular, its counters) is 
applicable only to that subset of the data on an entity’s interfaces 
that is sent/received for a protocol being bridged. All such data is 
sent/received via the ports of the bridge. 


3.4.2.1. Layering Model 


This memo assumes the interpretation of the Interfaces Subtree to be 
in accordance with the IF-MIB [RFC2863], which states that the 
interfaces table (ifTable) contains information on the managed 
resource’s interfaces and that each sub-layer below the internetwork 
layer of a network interface is considered an interface. 
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This document does not make any assumption that within an entity, 
VLANs that are instantiated as an entry in dotlqVlanCurrentTable by 
either management configuration through dotlqVlanStaticTable or by 
dynamic means (e.g., through GVRP) are also represented by an entry 
in ifTable. 


Where an entity contains higher-layer protocol entities (e.g., 
IP-layer interfaces that transmit and receive traffic to/from a 
VLAN), these should be represented in the ifTable as interfaces of 
type propVirtual (53). Protocol-specific types such as 13ipxvlan (137) 
should not be used here, since there is no implication that the 
bridge will perform any protocol filtering before delivering up to 
these virtual interfaces. 


3.4.2.2. ifStackTable 


In addition, the IF-MIB [RFC2863] defines a table ’ifStackTable’ for 
describing the relationship between logical interfaces within an 
entity. It is anticipated that implementors will use this table to 
describe the binding of (for example) IP interfaces to physical 
ports, although the presence of VLANs makes the representation less 
than perfect for showing connectivity. The ifStackTable cannot 
represent the full capability of the IEEE 802.10 VLAN bridging 
standard, since that makes a distinction between VLAN bindings on 
‘ingress’ to and 'egress” from a port: these relationships may or may 
not be symmetrical whereas Interface MIB Evolution assumes a 
symmetrical binding for transmit and receive. This makes it 
necessary to define other manageable objects for configuring which 
ports are members of which VLANs. 


3.4.2.3. ifRcvAddressTable 


This table contains all MAC addresses, unicast, multicast, and 
broadcast, for which an interface will receive packets and forward 
them up to a higher-layer entity for local consumption. Note that 
this does not include addresses for data-link layer control protocols 
such as Spanning-Tree, GMRP, or GVRP. The format of the address, 
contained in ifRcvAddressAddress, is the same as for ifPhysAddress. 


This table does not include unicast or multicast addresses that are 


accepted for possible forwarding out some other port. This table is 
explicitly not intended to provide a bridge address filtering 
mechanism. 
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3.4.3. Relationship to the BRIDGE-MIB 
This section defines how objects in the BRIDGE-MIB module 
[BRIDGE-MIB] should be represented for devices that implement the 
extensions: some of the old objects are less useful in such devices 
but must still be implemented for reasons of backwards compatibility. 


3.4.3.1. The dotldBase Subtree 


This subtree contains objects that are applicable to all types of 
bridges. Interpretation of this subtree is unchanged. 


3.4.3.2. The dotldStp Subtree 
This subtree contains the objects that denote the bridge's state with 
respect to the Spanning Tree Protocol. Interpretation of this 
subtree is unchanged. 


3.4.3.3. The dotldTp Subtree 


This subtree contains objects that describe the entity's state with 
respect to transparent bridging. 


In a device operating with a single Filtering Database, 
interpretation of this subtree is unchanged. 


In a device supporting multiple Filtering Databases, this subtree is 
interpreted as follows: 


dotldTpLearnedEntryDiscards 
The number of times that *any* of the FDBs became full. 
dotldTpAgingTime 


This applies to all Filtering Databases. 


dotldTpFdbTable 
Report MAC addresses learned on each port, regardless of which 
Filtering Database they have been learned in. If an address has 
been learned in multiple databases on a single port, report it 
only once. If an address has been learned in multiple databases 
on more than one port, report the entry on any one of the valid 
ports. 
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dotldTpPortTable 


3:4:3::4, 


This 


This table is port-based and is not affected by multiple 
Filtering Databases or multiple VLANS. The counters should 
include frames received or transmitted for all VLANs. Note that 
equivalent 64-bit port statistics counters, as well as other 
objects to represent the upper 32 bits of these counters, are 
defined in this document for high-capacity network interfaces. 
These have conformance statements to indicate for which speeds 
of interface they are required. 


The dotldStatic Subtree 


optional subtree contains objects that describe the 


configuration of destination-address filtering. 


Ina 


device operating with a single Filtering Database, 


interpretation of this subtree is unchanged. 


Ina 


device supporting multiple Filtering Databases, this subtree is 


interpreted as follows: 


dotldStaticTable 


A OA 


Entries read from this table include all static entries from all 
of the Filtering Databases. Entries for the same MAC address 
and receive port in more than one Filtering Database must appear 
only once, since these are the indices of this table. This 
table should be implemented as read-only in devices that support 
multiple Forwarding Databases. Instead, write access should be 
provided through dotlqStaticUnicastTable and 
dotiqStaticMulticastTable, as defined in this document. 


Additions to the BRIDGE-MIB 


To supplement the BRIDGE-MIB [BRIDGE-MIB], this module contains: 


(1) 


support for multiple traffic classes and dynamic multicast 
filtering as per IEEE 802.1D-1998 [802.1D]. 


support for bridged Virtual LANs as per IEEE 802.10-2003 
[802.10]. 


support for 64-bit versions of BRIDGE-MIB [BRIDGE-MIB] port 
counters. 
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4. Definitions for Extended Bridge MIB 


P-BRIDGE-MIB DEFINITIONS ::= BEGIN 


IMPORTS 
MODULE-IDENTITY, OBJECT-TYPE, Counter32, Integer32, Counter64 
FROM SNMPv2-SMI 
TruthValue, TimeInterval, MacAddress, TEXTUAL-CONVENTION 
FROM SNMPv2-TC 
MODULE-COMPLIANCE, OBJECT-GROUP 
FROM SNMPv2-CONF 
dotidTp, dotldTpPort, dotldBridge, 
dotldBasePortEntry, dotldBasePort 
FROM BRIDGE-MIB; 


pBridgeMIB MODULE-IDENTITY 
LAST-UPDATED "2006010900002" 
ORGANIZATION "IETF Bridge MIB Working Group" 
CONTACT-INFO 
"Email: bridge-mib@ietf.org 
ietfmibs@ops.ietf.org 


David Levi 

Postal: Nortel Networks 
4655 Great America Parkway 
Santa Clara, CA 95054 
USA 
Phone: +1 865 686 0432 
Email: dlevi@nortel.com 


David Harrington 
Postal: Effective Software 
50 Harding Rd. 
Portsmouth, NH 03801 
USA 
Phone: +1 603 436 8634 
Email: ietfdbh@comcast.net 


Les Bell 

Postal: Hemel Hempstead, Herts. HP2 7YU 
UK 

Email: elbell@ntlworld.com 


Vivian Ngai 
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Email: 
DESCRIPTION 


Bridge MIB Extensions 


vivian_ngai@acm.org 


Andrew Smith 

Beijing Harbour Networks 
Jiuling Building 

21 North Xisanhuan Ave. 
Beijing, 100089 

PRC 

+1 415 345 1827 
ah_smith@acm.org 


Paul Langille 
Newbridge Networks 

5 Corporate Drive 
Andover, MA 01810 

USA 

+1 978 691 4665 
langille@newbridge.com 


Anil Rijhsinghani 

Accton Technology Corporation 
5 Mount Royal Ave 

Marlboro, MA 01752 

USA 


anil@accton.com 


Keith McCloghrie 

Cisco Systems, Inc. 

170 West Tasman Drive 
San Jose, CA 95134-1706 
USA 

+1 408 526 5260 
kzm@cisco.com" 


January 2006 


"The Bridge MIB Extension module for managing Priority 


and Multicast Filtering, 


IEEE 802.1t-2001. 


Copyright 


(C) The Internet Society (2006). 
this MIB module is part of RFC 4363; 


full legal notices." 


REVISION 
DESCRIPTION 


"Added dotldPortRestrictedGroupRegistration. 


"2006010900002" 


See 


defined by IEEE 802.1D-1998, 
including Restricted Group Registration defined by 


This version of 
the RFC itself for 


Deprecated pBridgePortGmrpGroup and pBridgeCompliance 
and added pBridgePortGmrpGroup2 and pBridgeCompliance2." 
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REVISION "1999082500002" 
DESCRIPTION 
"The Bridge MIB Extension module for managing Priority 
and Multicast Filtering, defined by IEEE 802.1D-1998. 
Initial version, published as RFC 2674." 
:= { dotldBridge 6 } 


pBridgeMIBObjects OBJECT IDENTIFIER ::= { pBridgeMIB 1 } 


EnabledStatus ::= TEXTUAL-CONVENTION 
STATUS current 
DESCRIPTION 
"A simple status value for the object." 
SYNTAX INTEGER { enabled(1), disabled(2) ) 


dotidExtBase OBJECT IDENTIFIER ::= { pBridgeMIBObjects 1 } 
dotldPriority OBJECT IDENTIFIER ::= { pBridgeMIBObjects 2 } 
dotidGarp OBJECT IDENTIFIER ::= { pBridgeMIBObjects 3 } 
dotldGmrp OBJECT IDENTIFIER ::= { pBridgeMIBObjects 4 } 


dotidDeviceCapabilities OBJECT-TYPE 

SYNTAX BITS { 
dotidExtendedFilteringServices (0), 
dotldTrafficClasses(1), 
dotigStaticEntryIndividualPort (2), 
dotigIVLCapable (3), 
dotlqSVLCapable (4), 
dotliqHybridCapable(5), 
dotliqConfigurablePvidTagging (6), 
dotidLocalVlanCapable (7) 

} 

MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 
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"Indicates the optional parts of IEEE 802.1D and 802.10 
that are implemented by this device and are manageable 
through this MIB. Capabilities that are allowed on a 
per-port basis are indicated in dotidPortCapabilities. 


dotidExtendedFilteringServices (0), 

-- can perform filtering of 

—- individual multicast addresses 

-- controlled by GMRP. 
dotldTrafficClasses(1), 

—— Can map user priority to 

-- multiple traffic classes. 
dotiqStaticEntrylIndividualPort (2), 

—— dotlgStaticUnicastReceivePort & 

-=- dotlgStaticMulticastReceivePort 

-- Can represent non-zero entries. 
dotiqIVLCapable(3), -- Independent VLAN Learning (IVL). 
dotlqSVLCapable (4), —- Shared VLAN Learning (SVL). 
dotlqHybridCapable(5), 

-- both IVL & SVL simultaneously. 
dotliqConfigurablePvidTagging (6), 

—- whether the implementation 

—— supports the ability to 

—- override the default PVID 

-- setting and its egress status 

-- (VLAN-Tagged or Untagged) on 

-- each port. 


—— can support multiple local 
—- bridges, outside of the scope 
—— of 802.10 defined VLANs." 
REFERENCE 
"ISO/IEC 15802-3 Section 5.2, 
IEEE 802.1Q/D11 Section 5.2, 12.10.1.1.3/b/2" 
::= { dotldExtBase 1 } 


dotldTrafficClassesEnabled OBJECT-TYPE 


SYNTAX TruthValue 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The value true(1) indicates that Traffic Classes are 
enabled on this bridge. When false(2), the bridge 
operates with a single priority level for all traffic. 


The value of this object MUST be retained across 


reinitializations of the management system." 
DEFVAL { true } 
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::= { dotldExtBase 2 } 


dotldGmrpStatus OBJECT-TYPE 


SYNTAX EnabledStatus 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The administrative status requested by management for 
GMRP. The value enabled(1) indicates that GMRP should 
be enabled on this device, in all VLANs, on all ports 
for which it has not been specifically disabled. When 
disabled(2), GMRP is disabled, in all VLANs and on all 
ports, and all GMRP packets will be forwarded 
transparently. This object affects both Applicant and 
Registrar state machines. A transition from disabled(2) 
to enabled (1) will cause a reset of all GMRP state 
machines on all ports. 


The value of this object MUST be retained across 
reinitializations of the management system." 
DEFVAL { enabled } 
:= { dotldExtBase 3 } 


dotidPortCapabilitiesTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotldPortCapabilitiesEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table that contains capabilities information about 
every port that is associated with this bridge." 
::= { dotldExtBase 4 } 


dotldPortCapabilitiesEntry OBJECT-TYPE 


SYNTAX DotidPortCapabilitiesEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A set of capabilities information about this port 
indexed by dotldBasePort." 
AUGMENTS { dotidBasePortEntry } 
:= { dotldPortCapabilitiesTable 1 } 


DotldPortCapabilitiesEntry ::= 
SEQUENCE { 


Levi & Harrington Standards Track [Page 22] 


RFC 4363 Bridge MIB Extensions January 2006 


dotidPortCapabilities 
BITS 
} 


dotidPortCapabilities OBJECT-TYPE 

SYNTAX BITS ( 
dotlaDotlgqTagging(0), 
dotiqConfigurableAcceptableFrameTypes (1), 
dotiqingressFiltering(2) 

} 

MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 
"Indicates the parts of IEEE 802.1D and 802.10 that are 
optional on a per-port basis, that are implemented by 
this device, and that are manageable through this MIB. 


dotiqDotlqTagging(0), -- supports 802.10 VLAN tagging of 
-- frames and GVRP. 
dotliqConfigurableAcceptableFrameTypes (1), 
—— allows modified values of 
-- dotlqPortAcceptableFrameTypes. 
dotigIingressFiltering (2) 
-- supports the discarding of any 
-- frame received on a Port whose 
—— VLAN classification does not 
—— include that Port in its Member 
-- set." 
REFERENCE 
"ISO/IEC 15802-3 Section 5.2, 
IEEE 802.10/D11 Section 5.2" 
::= { dotldPortCapabilitiesEntry 1 } 


dotidPortPriorityTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotldPortPriorityEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table that contains information about every port that 
is associated with this transparent bridge." 
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::= { dotldPriority 1 } 


dotidPortPriorityEntry OBJECT-TYPE 


SYNTAX DotidPortPriorityEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A list of Default User Priorities for each port of a 
transparent bridge. This is indexed by dotldBasePort." 
AUGMENTS { dotldBasePortEntry } 
::= { dotldPortPriorityTable 1 } 


DotidPortPriorityEntry ::= 
SEQUENCE { 
dotidPortDefaultUserPriority 
Integer32, 
dotidPortNumTrafficClasses 
Integer32 
} 


dotldPortDefaultUserPriority OBJECT-TYPE 


SYNTAX Integer32 (0..7) 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 
"The default ingress User Priority for this port. This 


only has effect on media, such as Ethernet, that do not 
support native User Priority. 


The value of this object MUST be retained across 
reinitializations of the management system." 


::= { dotldPortPriorityEntry 1 } 


dotidPortNumTrafficClasses OBJECT-TYPE 


SYNTAX Integer32 (1..8) 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The number of egress traffic classes supported on this 
port. This object may optionally be read-only. 


The value of this object MUST be retained across 


reinitializations of the management system." 
:= { dotldPortPriorityEntry 2 } 
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dotidUserPriorityRegenTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotidUserPriorityRegenEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 
"A list of Regenerated User Priorities for each received 
User Priority on each port of a bridge. The Regenerated 


User Priority value may be used to index the Traffic 
Class Table for each input port. This only has effect 
on media that support native User Priority. The default 
values for Regenerated User Priorities are the same as 
the User Priorities." 

REFERENCE 
"ISO/IEC 15802-3 Section 6.4" 

:= { dotldPriority 2 } 


dotidUserPriorityRegenEntry OBJECT-TYPE 


SYNTAX DotidUserPriorityRegenEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A mapping of incoming User Priority to a Regenerated 
User Priority." 

INDEX { dotldBasePort, dotldUserPriority } 

::= { dotldUserPriorityRegenTable 1 } 


DotidUserPriorityRegenEntry ::= 
SEQUENCE { 
dotidUserPriority 
Integer32, 
dotidRegenUserPriority 
Integer32 
} 


dotidUserPriority OBJECT-TYPE 


SYNTAX Integer32 (0..7) 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"The User Priority for a frame received on this port." 
::= { dotldUserPriorityRegenEntry 1 } 


dotidRegenUserPriority OBJECT-TYPE 


SYNTAX Integer32 (0..7) 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The Regenerated User Priority that the incoming User 
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Priority is mapped to for this port. 
The value of this object MUST be retained across 


reinitializations of the management system." 
::= { dotldUserPriorityRegenEntry 2 } 


dotldTrafficClassTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotldTrafficClassEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table mapping evaluated User Priority to Traffic 
Class, for forwarding by the bridge. Traffic class is a 


number in the range (0.. (dotldPortNumTrafficClasses-1))." 
REFERENCE 


"ISO/IEC 15802-3 Table 7-2" 
::= { dotldPriority 3 } 


dotldTrafficClassEntry OBJECT-TYPE 


SYNTAX DotldTrafficClassEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"User Priority to Traffic Class mapping." 
INDEX { dotldBasePort, dotldTrafficClassPriority } 
:= { dotldTrafficClassTable 1 } 


DotldTrafficClassEntry ::= 
SEQUENCE { 
dotldTrafficClassPriority 
Integer32, 
dotldTrafficClass 
Integer32 
) 


dotldTrafficClassPriority OBJECT-TYPE 


SYNTAX Integer32 (0..7) 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"The Priority value determined for the received frame. 
This value is equivalent to the priority indicated in 
the tagged frame received, or one of the evaluated 
priorities, determined according to the media-type. 
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For untagged frames received from Ethernet media, this 
value is equal to the dotldPortDefaultUserPriority value 
for the ingress port. 


For untagged frames received from non-Ethernet media, 

this value is equal to the dotldRegenUserPriority value 

for the ingress port and media-specific user priority." 
:= { dotldTrafficClassEntry 1 } 


dotldTrafficClass OBJECT-TYPE 


SYNTAX Integer32 (0..7) 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The Traffic Class the received frame is mapped to. 
The value of this object MUST be retained across 


reinitializations of the management system." 
::= { dotldTrafficClassEntry 2 } 


dotidPortOutboundAccessPriorityTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotldPortOutboundAccessPriorityEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table mapping Regenerated User Priority to Outbound 
Access Priority. This is a fixed mapping for all port 
types, with two options for 802.5 Token Ring." 
REFERENCE 
"ISO/IEC 15802-3 Table 7-3" 
::= { dotldPriority 4 } 


dotidPortOutboundAccessPriorityEntry OBJECT-TYPE 

SYNTAX Dot1ldPortOutboundAccessPriorityEntry 

MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 
"Regenerated User Priority to Outbound Access Priority 
mapping." 

INDEX { dotldBasePort, dotldRegenUserPriority } 

:= { dotldPortOutboundAccessPriorityTable 1 } 


DotidPortOutboundAccessPriorityEntry ::= 
SEQUENCE { 
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dotidPortOutboundAccessPriority 
Integer32 
} 


dotldPortOutboundAccessPriority OBJECT-TYPE 


SYNTAX Integer32 (0..7) 

MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 
"The Outbound Access Priority the received frame is 
mapped to." 


::= { dotldPortOutboundAccessPriorityEntry 1 } 


dotldPortGarpTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotldPortGarpEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table of GARP control information about every bridge 
port. This is indexed by dotldBasePort." 
:= { dotldGarp 1 } 


dotidPortGarpEntry OBJECT-TYPE 


SYNTAX DotidPortGarpEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"GARP control information for a bridge port." 
AUGMENTS { dotldBasePortEntry } 
::= { dotldPortGarpTable 1 } 


DotidPortGarpEntry ::= 
SEQUENCE { 

dotidPortGarpJoinTime 
Timelnterval, 

dotldPortGarpleaveTime 
Timelnterval, 

dotidPortGarpLeaveAllTime 
TimeInterval 
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dotidPortGarpJoinTime OBJECT-TYPE 


SYNTAX Timelnterval 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The GARP Join time, in centiseconds. 


The value of this object MUST be retained across 
reinitializations of the management system." 


DEFVAL 1 20 ) 
::= { dotldPortGarpEntry 1 } 


dotidPortGarpLeaveTime OBJECT-TYPE 


SYNTAX Timelnterval 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The GARP Leave time, in centiseconds. 


The value of this object MUST be retained across 
reinitializations of the management system." 


DEFVAL { 60 } 
::= { dotldPortGarpEntry 2 } 


dotidPortGarpLeaveAllTime OBJECT-TYPE 


SYNTAX Timelnterval 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The GARP LeaveAll time, in centiseconds. 


The value of this object MUST be retained across 
reinitializations of the management system." 


DEFVAL { 1000 } 
::= { dotldPortGarpEntry 3 } 


dotldPortGmrpTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotldPortGmrpEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


January 2006 


"A table of GMRP control and status information about 
every bridge port. Augments the dotldBasePortTable." 


::= { dotldGmrp 1 } 
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dotidPortGmrpEntry OBJECT-TYPE 


SYNTAX DotidPortGmrpEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"GMRP control and status information for a bridge port." 
AUGMENTS { dotldBasePortEntry } 
:= { dotldPortGmrpTable 1 } 


DotidPortGmrpEntry ::= 
SEQUENCE { 
dotldPortGmrpStatus 
EnabledStatus, 
dotidPortGmrpFailedRegistrations 
Counter32, 
dotldPortGmrpLastPduOrigin 
MacAddress, 
dotldPortRestrictedGroupRegistration 
TruthValue 
} 


dotldPortGmrpStatus OBJECT-TYPE 

SYNTAX EnabledStatus 

MAX-ACCESS read-write 

STATUS current 

DESCRIPTION 
"The administrative state of GMRP operation on this port. The 
value enabled(1) indicates that GMRP is enabled on this port 
in all VLANs as long as dotldGmrpStatus is also enabled(1). 
A value of disabled(2) indicates that GMRP is disabled on 
this port in all VLANs: any GMRP packets received will 
be silently discarded, and no GMRP registrations will be 
propagated from other ports. Setting this to a value of 
enabled(1) will be stored by the agent but will only take 
effect on the GMRP protocol operation if dotldGmrpStatus 
also indicates the value enabled(1). This object affects 
all GMRP Applicant and Registrar state machines on this 
port. A transition from disabled(2) to enabled(1) will 
cause a reset of all GMRP state machines on this port. 


The value of this object MUST be retained across 
reinitializations of the management system." 
DEFVAL { enabled } 
:= { dotldPortGmrpEntry 1 } 


dotidPortGmrpFailedRegistrations OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 


Levi & Harrington Standards Track [Page 30] 


RFC 4363 Bridge MIB Extensions January 2006 


STATUS current 

DESCRIPTION 
"The total number of failed GMRP registrations, for any 
reason, in all VLANs, on this port." 

::= { dotldPortGmrpEntry 2 } 


dotidPortGmrpLastPduOrigin OBJECT-TYPE 


SYNTAX MacAddress 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The Source MAC Address of the last GMRP message 
received on this port." 
::= { dotldPortGmrpEntry 3 } 


dotidPortRestrictedGroupRegistration OBJECT-TYPE 


SYNTAX TruthValue 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The state of Restricted Group Registration on this port. 
If the value of this control is true(1), then creation 
of a new dynamic entry is permitted only if there is a 
Static Filtering Entry for the VLAN concerned, in which 
the Registrar Administrative Control value is Normal 
Registration. 


The value of this object MUST be retained across 
reinitializations of the management system." 


REFERENCE 
"IEEE 802.1t clause 10.3.2.3, 14.10.1.3." 
DEFVAL { false } 


::= { dotldPortGmrpEntry 4 } 


dotldTpHCPortTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotldTpHCPortEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table that contains information about every high- 
capacity port that is associated with this transparent 
bridge." 

::= { dotldTp 5 } 
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dot1dTpHCPortEntry OBJECT-TYPE 


SYNTAX DotldTpHCPortEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"Statistics information for each high-capacity port of a 
transparent bridge." 

INDEX { dotldTpPort } 

::= { dotldTpHCPortTable 1 } 


DotldTpHCPortEntry ::= 
SEQUENCE { 

dotldTpHCPortiInFrames 
Counter64, 

dotldTpHCPortOutFrames 
Counter64, 

dotldTpHCPortInDiscards 
Counter64 


} 


dotldTpHCPortiInFrames OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of frames that have been received by this 
port from its segment. Note that a frame received on 
the interface corresponding to this port is only counted 
by this object if and only if it is for a protocol being 
processed by the local bridging function, including 
bridge management frames." 

REFERENCE 
"ISO/IEC 15802-3 Section 14.6.1.1.3" 

::= { dotldTpHCPortEntry 1 } 


dotldTpHCPortOutFrames OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of frames that have been transmitted by this 
port to its segment. Note that a frame transmitted on 
the interface corresponding to this port is only counted 
by this object if and only if it is for a protocol being 
processed by the local bridging function, including 
bridge management frames." 

REFERENCE 
"ISO/IEC 15802-3 Section 14.6.1.1.3" 
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::= { dotldTpHCPortEntry 2 } 


dotldTpHCPortInDiscards OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"Count of valid frames that have been received by this 
port from its segment that were discarded (i.e., 
filtered) by the Forwarding Process." 

REFERENCE 
"ISO/IEC 15802-3 Section 14.6.1.1.3" 

::= { dotldTpHCPortEntry 3 } 


dotldTpPortOverflowTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotldTpPortOverflowEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table that contains the most-significant bits of 

statistics counters for ports that are associated with this 
transparent bridge that are on high-capacity interfaces, as 
defined in the conformance clauses for this table. This table 
is provided as a way to read 64-bit counters for agents that 
support only SNMPvl. 


Note that the reporting of most-significant and 
least-significant counter bits separately runs the risk of 
missing an overflow of the lower bits in the interval between 
sampling. The manager must be aware of this possibility, even 
within the same varbindlist, when interpreting the results of 
a request or asynchronous notification." 

:= { dotldTp 6 ) 


dotldTpPortOverflowEntry OBJECT-TYPE 

SYNTAX DotldTpPortOverflowEntry 

MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 
"The most significant bits of statistics counters for a high- 
capacity interface of a transparent bridge. Each object is 
associated with a corresponding object in dotldTpPortTable 
that indicates the least significant bits of the counter." 

INDEX { dotldTpPort } 
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::= { dotldTpPortOverflowTable 1 } 


DotidTpPortOverflowEntry ::= 
SEQUENCE { 

dotldTpPortInOverflowFrames 
Counter32, 

dotldTpPortOutOverflowFrames 
Counter32, 

dotldTpPortInOverflowDiscards 
Counter32 


} 


dotldTpPortInOverflowFrames OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of times the associated dotldTpPortInFrames 
counter has overflowed." 
REFERENCE 
"TSO/IEC 15802-3 Section 14.6.1.1.3" 
:= { dotldTpPortOverflowEntry 1 } 


dotldTpPortOutOverflowFrames OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of times the associated dotldTpPortOutFrames 
counter has overflowed." 

REFERENCE 
"ISO/IEC 15802-3 Section 14.6.1.1.3" 

::= { dotldTpPortOverflowEntry 2 } 


dotldTpPortInOverflowDiscards OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of times the associated 
dotldTpPortInDiscards counter has overflowed." 
REFERENCE 
"TSO/IEC 15802-3 Section 14.6.1.1.3" 
:= { dotldTpPortOverflowEntry 3 } 
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pBridgeConformance OBJECT IDENTIFIER ::= { pBridgeMIB 2 } 


pBridgeGroups OBJECT IDENTIFIER ::= { pBridgeConformance 1 } 


pBridgeCompliances OBJECT IDENTIFIER 
::= { pBridgeConformance 2 } 


pBridgeExtCapGroup OBJECT-GROUP 

OBJECTS { 
dotidDeviceCapabilities, 
dotidPortCapabilities 

} 

STATUS current 

DESCRIPTION 
"A collection of objects indicating the optional 
capabilities of the device." 

::= { pBridgeGroups 1 } 


pBridgeDeviceGmrpGroup OBJECT-GROUP 

OBJECTS ( 
dotldGmrpStatus 

} 

STATUS current 

DESCRIPTION 
"A collection of objects providing device-level control 
for the Multicast Filtering extended bridge services." 

::= { pBridgeGroups 2 } 


pBridgeDevicePriorityGroup OBJECT-GROUP 

OBJECTS { 
dotldTrafficClassesEnabled 

} 

STATUS current 

DESCRIPTION 
"A collection of objects providing device-level control 
for the Priority services." 

::= { pBridgeGroups 3 } 


pBridgeDefaultPriorityGroup OBJECT-GROUP 
OBJECTS { 
dotidPortDefaultUserPriority 
} 
STATUS current 
DESCRIPTION 
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"A collection of objects defining the User Priority 
applicable to each port for media that do not support 
native User Priority." 

::= { pBridgeGroups 4 } 


pBridgeRegenPriorityGroup OBJECT-GROUP 

OBJECTS { 
dotidRegenUserPriority 

} 

STATUS current 

DESCRIPTION 
"A collection of objects defining the User Priorities 
applicable to each port for media that support native 
User Priority." 

:= { pBridgeGroups 5 } 


pBridgePriorityGroup OBJECT-GROUP 
OBJECTS { 
dotldPortNumTrafficClasses, 
dotldTrafficClass 
} 
STATUS current 
DESCRIPTION 
"A collection of objects defining the traffic classes 
within a bridge for each evaluated User Priority." 
::= { pBridgeGroups 6 ) 


pBridgeAccessPriorityGroup OBJECT-GROUP 

OBJECTS { 
dotidPortOutboundAccessPriority 

} 

STATUS current 

DESCRIPTION 
"A collection of objects defining the media-dependent 
outbound access level for each priority." 

::= { pBridgeGroups 7 } 


pBridgePortGarpGroup OBJECT-GROUP 

OBJECTS { 
dotldPortGarpJoinTime, 
dotldPortGarpleaveTime, 
dotidPortGarpLeaveAllTime 

} 

STATUS current 

DESCRIPTION 
"A collection of objects providing port level control 
and status information for GARP operation." 

::= { pBridgeGroups 8 } 
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pBridgePortGmrpGroup OBJECT-GROUP 

OBJECTS { 
dotldPortGmrpStatus, 
dotldPortGmrpFailedRegistrations, 
dotldPortGmrpLastPduOrigin 

} 

STATUS deprecated 

DESCRIPTION 
"A collection of objects providing port level control 
and status information for GMRP operation." 

::= { pBridgeGroups 9 } 


pBridgeHCPortGroup OBJECT-GROUP 

OBJECTS { 
dotidTpHCPortInFrames, 
dotldTpHCPortOutFrames, 
dotldTpHCPortInDiscards 

} 

STATUS current 

DESCRIPTION 
"A collection of objects providing 64-bit statistics 
counters for high-capacity bridge ports." 

::= { pBridgeGroups 10 } 


pBridgePortOverflowGroup OBJECT-GROUP 

OBJECTS { 
dotldTpPortInOverflowFrames, 
dotldTpPortOutOverflowFrames, 
dotldTpPortInOverflowDiscards 

} 

STATUS current 

DESCRIPTION 
"A collection of objects providing overflow statistics 
counters for high-capacity bridge ports." 

::= { pBridgeGroups 11 } 


pBridgePortGmrpGroup2 OBJECT-GROUP 

OBJECTS { 
dotldPortGmrpStatus, 
dotldPortGmrpFailedRegistrations, 
dotidPortGmrpLastPduOrigin, 
dotldPortRestrictedGroupRegistration 

) 

STATUS current 

DESCRIPTION 
"A collection of objects providing port level control 
and status information for GMRP operation." 

::= { pBridgeGroups 12 } 
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pBridgeCompliance MODULE-COMPLIANCE 
STATUS deprecated 
DESCRIPTION 
"The compliance statement for device support of Priority 
and Multicast Filtering extended bridging services." 


MODULE 
MANDATORY-GROUPS { pBridgeExtCapGroup } 


GROUP pBridgeDeviceGmrpGroup 

DESCRIPTION 
"This group is mandatory for devices supporting the GMRP 
application, defined by IEEE 802.1D Extended Filtering 
Services." 


GROUP pBridgeDevicePriorityGroup 

DESCRIPTION 
"This group is mandatory only for devices supporting 
the priority forwarding operations defined by IEEE 
802.1D." 


GROUP pBridgeDefaultPriorityGroup 

DESCRIPTION 
"This group is mandatory only for devices supporting 
the priority forwarding operations defined by the 
extended bridge services with media types, such as 
Ethernet, that do not support native User Priority." 


GROUP pBridgeRegenPriorityGroup 
DESCRIPTION 
"This group is mandatory only for devices supporting 
the priority forwarding operations defined by IEEE 802.1D 
and that have interface media types that support 
native User Priority, e.g., IEEE 802.5." 


GROUP pBridgePriorityGroup 
DESCRIPTION 
"This group is mandatory only for devices supporting 
the priority forwarding operations defined by IEEE 802.1D." 


GROUP pBridgeAccessPriorityGroup 

DESCRIPTION 
"This group is optional and is relevant only for devices 
supporting the priority forwarding operations defined by 
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IEEE 802.1D and that have interface media types that 
support native Access Priority, e.g., IEEE 802.5." 


GROUP pBridgePortGarpGroup 

DESCRIPTION 
"This group is mandatory for devices supporting any 
of the GARP applications: e.g., GMRP, defined by the 
extended filtering services of 802.1D; or GVRP, 
defined by 802.10 (refer to the Q-BRIDGE-MIB for 
conformance statements for GVRP)." 


GROUP pBridgePortGmrpGroup 

DESCRIPTION 
"This group is mandatory for devices supporting the 
GMRP application, as defined by IEEE 802.1D Extended 
Filtering Services." 


GROUP pBridgeHCPortGroup 

DESCRIPTION 
"Support for this group in a device is mandatory for those 
bridge ports that map to network interfaces that have the 
value of the corresponding instance of ifSpeed 
greater than 650,000,000 bits/second." 


GROUP pBridgePortOverflowGroup 

DESCRIPTION 
"Support for this group in a device is mandatory for those 
bridge ports that map to network interfaces that have the 
value of the corresponding instance of ifSpeed 
greater than 650,000,000 bits/second." 


OBJECT dotldPortNumTrafficClasses 
MIN-ACCESS read-only 
DESCRIPTION 


"Write access is not required." 


OBJECT dotldTrafficClass 
MIN-ACCESS read-only 
DESCRIPTION 


"Write access is not required." 


OBJECT dotidRegenUserPriority 
MIN-ACCESS read-only 
DESCRIPTION 


"Write access is not required." 


::= { pBridgeCompliances 1 } 


Levi & Harrington Standards Track [Page 39] 


RFC 4363 Bridge MIB Extensions January 2006 


pBridgeCompliance2 MODULE-COMPLIANCE 
STATUS current 
DESCRIPTION 
"The compliance statement for device support of Priority 
and Multicast Filtering extended bridging services." 


MODULE 
MANDATORY-GROUPS { pBridgeExtCapGroup } 


GROUP pBridgeDeviceGmrpGroup 

DESCRIPTION 
"This group is mandatory for devices supporting the GMRP 
application, defined by IEEE 802.1D Extended Filtering 
Services." 


GROUP pBridgeDevicePriorityGroup 

DESCRIPTION 
"This group is mandatory only for devices supporting 
the priority forwarding operations defined by IEEE 
802.1D." 


GROUP pBridgeDefaultPriorityGroup 

DESCRIPTION 
"This group is mandatory only for devices supporting 
the priority forwarding operations defined by the 
extended bridge services with media types, such as 
Ethernet, that do not support native User Priority." 


GROUP pBridgeRegenPriorityGroup 
DESCRIPTION 
"This group is mandatory only for devices supporting 
the priority forwarding operations defined by IEEE 802.1D 
and that have interface media types that support 
native User Priority, e.g., IEEE 802.5." 


GROUP pBridgePriorityGroup 
DESCRIPTION 
"This group is mandatory only for devices supporting 
the priority forwarding operations defined by IEEE 802.1D." 


GROUP pBridgeAccessPriorityGroup 

DESCRIPTION 
"This group is optional and is relevant only for devices 
supporting the priority forwarding operations defined by 
IEEE 802.1D and that have interface media types that 
support native Access Priority, e.g., IEEE 802.5." 


GROUP pBridgePortGarpGroup 
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DESCRIPTION 
"This group is mandatory for devices supporting any 
of the GARP applications: e.g., GMRP, defined by the 
extended filtering services of 802.1D; or GVRP, 
defined by 802.10 (refer to the Q-BRIDGE-MIB for 
conformance statements for GVRE)." 


GROUP pBridgePortGmrpGroup2 

DESCRIPTION 
"This group is mandatory for devices supporting the 
GMRP application, as defined by IEEE 802.1D Extended 
Filtering Services." 


GROUP pBridgeHCPortGroup 

DESCRIPTION 
"Support for this group in a device is mandatory for those 
bridge ports that map to network interfaces that have the 
value of the corresponding instance of ifSpeed 
greater than 650,000,000 bits/second." 


GROUP pBridgePortOverflowGroup 

DESCRIPTION 
"Support for this group in a device is mandatory for those 
bridge ports that map to network interfaces that have the 
value of the corresponding instance of ifSpeed 
greater than 650,000,000 bits/second." 


OBJECT dot1dPortNumTrafficClasses 
MIN-ACCESS read-only 
DESCRIPTION 


"Write access is not required." 


OBJECT dotldTrafficClass 
MIN-ACCESS read-only 
DESCRIPTION 


"Write access is not required." 


OBJECT dotidRegenUserPriority 
MIN-ACCESS read-only 
DESCRIPTION 


"Write access is not required." 
::= { pBridgeCompliances 2 } 


END 
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5. Definitions for Virtual Bridge MIB 


O-BRIDGE-MIB DEFINITIONS ::= BEGIN 


IMPORTS 
MODULE-IDENTITY, OBJECT-TYPE, 
Counter32, Counter64, Unsigned32, TimeTicks, Integer32 
FROM SNMPv2-SMI 
RowStatus, TruthValue, TEXTUAL-CONVENTION, MacAddress 
FROM SNMPv2-TC 
SnmpAdminString 
FROM SNMP-FRAMEWORK-MIB 
MODULE-COMPLIANCE, OBJECT-GROUP 
FROM SNMPv2-CONF 
dotldBridge, dotldBasePortEntry, dotldBasePort 
FROM BRIDGE-MIB 
EnabledStatus 
FROM P-BRIDGE-MIB 
TimeFilter 
FROM RMON2-MIB; 


aBridgeMIB MODULE-IDENTITY 
LAST-UPDATED "2006010900002" 
ORGANIZATION "IETF Bridge MIB Working Group" 
CONTACT-INFO 
"Email: Bridge-mib@ietf.org 
ietfmibs@ops.ietf.org 


David Levi 

Postal: Nortel Networks 
4655 Great America Parkway 
Santa Clara, CA 95054 


USA 
Phone: +1 865 686 0432 
Email: dlevi@nortel.com 


David Harrington 
Postal: Effective Software 
50 Harding Rd. 
Portsmouth, NH 03801 
USA 
Phone: +1 603 436 8634 
Email: ietfdbh@comcast.net 
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Postal: 


Email: 


Postal: 


Fax: 


Email: 


Postal: 


Phone: 
Email: 


Postal: 


Phone: 
Email: 


Postal: 


Phone: 
Email: 
DESCRIPTION 


Bridge MIB Extensions January 2006 
Les Bell 
Hemel Hempstead, Herts. HP2 7YU 
UK 


elbell@ntlworld.com 


Andrew Smith 

Beijing Harbour Networks 
Jiuling Building 

21 North Xisanhuan Ave. 
Beijing, 100089 

PRC 

+1 415 345 1827 
ah_smith@acm.org 


Paul Langille 
Newbridge Networks 

5 Corporate Drive 
Andover, MA 01810 

USA 

+1 978 691 4665 
langille@newbridge.com 


Anil Rijhsinghani 

Accton Technology Corporation 
5 Mount Royal Ave 

Marlboro, MA 01752 

USA 


anil@accton.com 


Keith McCloghrie 

Cisco Systems, Inc. 

170 West Tasman Drive 
San Jose, CA 95134-1706 
USA 

+1 408 526 5260 
kzm@cisco.com" 


"The VLAN Bridge MIB module for managing Virtual Bridged 
Local Area Networks, as defined by IEEE 802.10-2003, 
including Restricted Vlan Registration defined by 

IEEE 802.1u-2001 and Vlan Classification defined by 

IEEE 802.1v-2001. 


Copyright 


(C) The Internet Society (2006). This version of 


this MIB module is part of RFC 4363; See the RFC itself for 
full legal notices." 


REVISION 


Levi & Harrington 


"2006010900002" 
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DESCRIPTION 
"Added Vlan TEXTUAL-CONVENTIONS, 
dotiqPortRestrictedVlanRegistration, dotlvProtocol subtree, 
qBridgeClassificationDeviceGroup, aBridgePortGroup2, 
qBridgeClassificationPortGroup, and qBridgeCompliance2. 
Clarified dotlqForwardA11StaticPorts, 
qPortAcceptableFrameTypes, and qBridgeCompliance. 
Deprecated qBridgePortGroup and qBridgeCompliance." 


REVISION "1999082500002" 
DESCRIPTION 
"The VLAN Bridge MIB module for managing Virtual Bridged 
Local Area Networks, as defined by IEEE 802.10-1998. 
Initial version, published as RFC 2674." 


::= { dotldBridge 7 } 


aBridgeMIBObjects OBJECT IDENTIFIER ::= { qBridgeMIB 1 } 


PortList ::= TEXTUAL-CONVENTION 
STATUS current 
DESCRIPTION 


"Each octet within this value specifies a set of eight 
ports, with the first octet specifying ports 1 through 
8, the second octet specifying ports 9 through 16, etc. 
Within each octet, the most significant bit represents 
the lowest numbered port, and the least significant bit 
represents the highest numbered port. Thus, each port 
of the bridge is represented by a single bit within the 
value of this object. If that bit has a value of 'l', 
then that port is included in the set of ports; the port 
is not included if its bit has a value of ’0’." 

SYNTAX OCTET STRING 


VlanIndex ::= TEXTUAL-CONVENTION 

DISPLAY-HINT "d" 

STATUS current 

DESCRIPTION 
"A value used to index per-VLAN tables: values of 0 and 
4095 are not permitted. If the value is between 1 and 
4094 inclusive, it represents an IEEE 802.10 VLAN-ID with 
global scope within a given bridged domain (see VlanId 
textual convention). If the value is greater than 4095, 
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then it represents a VLAN with scope local to the 
particular agent, i.e., one without a global VLAN-ID 
assigned to it. Such VLANs are outside the scope of 
IEEE 802.10, but it is convenient to be able to manage them 
in the same way using this MIB." 

SYNTAX Unsigned32 


Vlanld ::= TEXTUAL-CONVENTION 
DISPLAY-HINT "d" 
STATUS current 
DESCRIPTION 
"The VLAN-ID that uniquely identifies a VLAN. This 
is the 12-bit VLAN-ID used in the VLAN Tag header. 
The range is defined by the REFERENCEd specification." 
REFERENCE 
"TEEE Std 802.10 2003 Edition, Virtual Bridged 
Local Area Networks." 


SYNTAX Integer32 (1..4094) 
VlanIdOrAny ::= TEXTUAL-CONVENTION 

DISPLAY-HINT "d" 

STATUS current 

DESCRIPTION 


"The VLAN-ID that uniquely identifies a specific VLAN, 
or any VLAN. The special value of 4095 is used to 
indicate a wildcard, i.e., any VLAN. This can be used 
in any situation where an object or table entry must 
refer either to a specific VLAN or to any VLAN. 


Note that a MIB object that is defined using this 
TEXTUAL-CONVENTION should clarify the meaning of 
‘any VLAN’ (i.e., the special value 4095)." 


SYNTAX Integer32 (1..4094 | 4095) 
VlanIdOrNone ::= TEXTUAL-CONVENTION 

DISPLAY-HINT "d" 

STATUS current 

DESCRIPTION 


"The VLAN-ID that uniquely identifies a specific VLAN, 

or no VLAN. The special value of zero is used to 
indicate that no VLAN-ID is present or used. This can 

be used in any situation where an object or a table entry 
must refer either to a specific VLAN, or to no VLAN. 


Note that a MIB object that is defined using this 
TEXTUAL-CONVENTION should clarify the meaning of 
“no VLAN’ (i.e., the special value 0)." 

SYNTAX Integer32 (0 | 1..4094) 
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VlanIdO0rAnyOrNone ::= TEXTUAL-CONVENTION 
DISPLAY-HINT "d" 
STATUS current 
DESCRIPTION 


"The VLAN-1D that uniquely identifies a specific VLAN, 
any VLAN, or no VLAN. The special values 0 and 4095 
have the same meaning as described in the VlanIdOrAny 
and VlanIdOrNone TEXTUAL-CONVENTIONs. 


Note that a MIB object that is defined using this 
TEXTUAL-CONVENTION should clarify the meaning of 
‘any VLAN’ and 'no VLAN’ (i.e., the special values 
0 and 4095)." 

SYNTAX Integer32 (0 | 1..4094 | 4095) 


-- subtrees in the O-BRIDGE MIB 
dotlqBase OBJECT IDENTIFIER ::= { qBridgeMIBObjects 1 } 
dotlaTp OBJECT IDENTIFIER ::= { qBridgeMIBObjects 2 } 
dotiqStatic OBJECT IDENTIFIER ::= { qBridgeMIBObjects 3 } 
dotlqVlan OBJECT IDENTIFIER ::= { qBridgeMIBObjects 4 } 
dotlvProtocol OBJECT IDENTIFIER ::= { qBridgeMIBObjects 5 } 
-- dotlqBase subtree 
dotiqVlanVersionNumber OBJECT-TYPE 
SYNTAX INTEGER { 
versionl (1) 
} 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 
"The version number of IEEE 802.10 that this device 
supports." 
REFERENCE 


"IEEE 802.10/D11 Section 12.10.1.1" 
::= { dotlqBase 1 } 


dotiqMaxVlanid OBJECT-TYPE 


SYNTAX Vlanld 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The maximum IEEE 802.10 VLAN-ID that this device 
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supports." 
REFERENCE 

"IEEE 802.10/D11 Section 9.3.2.3" 
::= { dotlqBase 2 } 


dotlqMaxSupportedVlans OBJECT-TYPE 


SYNTAX Unsigned32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The maximum number of IEEE 802.10 VLANs that this 


device supports." 
REFERENCE 
"IEEE 802.10/D11 Section 12.10.1.1" 
:= { dotlqBase 3 } 


dotiqNumVlans OBJECT-TYPE 


SYNTAX Unsigned32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The current number of IEEE 802.10 VLANs that are 


configured in this device." 
REFERENCE 

"IEEE 802.10/D11 Section 12.7.1.1" 
::= { dotlqBase 4 } 


dotlqGvrpStatus OBJECT-TYPE 


SYNTAX EnabledStatus 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


January 2006 


"The administrative status requested by management for 
GVRP. The value enabled(1) indicates that GVRP should 
be enabled on this device, on all ports for which it has 


not been specifically disabled. When disabled(2), 


GVRP 


is disabled on all ports, and all GVRP packets will be 
forwarded transparently. This object affects all GVRP 


Applicant and Registrar state machines. 


A transition 


from disabled(2) to enabled(1) will cause a reset of all 


GVRP state machines on all ports. 


The value of this object MUST be retained across 
reinitializations of the management system." 


DEFVAL { enabled } 
::= { dotlqBase 5 } 
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-- the dotlqTp subtree 


dotiqFdbTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotlgFdbEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table that contains configuration and control 
information for each Filtering Database currently 


January 2006 


operating on this device. Entries in this table appear 


automatically when VLANs are assigned FDB IDs in the 


dotlqVlanCurrentTable." 
::= { dotlqTp 1 } 


dotligFdbEntry OBJECT-TYPE 


SYNTAX Dot1gFdbEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"Information about a specific Filtering Database." 


INDEX { dotlqFdbId } 
::= { dotlqFdbTable 1 } 


DotiqFdbEntry ::= 
SEQUENCE { 
dotlqFdbId 
Unsigned32, 
dotigFdbDynamicCount 
Counter32 
} 


dotligFdbId OBJECT-TYPE 


SYNTAX Unsigned32 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"The identity of this Filtering Database." 


::= { dotlqFdbEntry 1 } 


dotigFdbDynamicCount OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
Levi & Harrington Standards Track 
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DESCRIPTION 
"The current number of dynamic entries in this 
Filtering Database." 

REFERENCE 
"IEEE 802.10/D11 Section 12.7.1.1.3" 

::= { dotlqFdbEntry 2 } 


-- Multiple Forwarding Databases for 802.10 Transparent Devices 
-- This table is an alternative to the dotldTpFdbTable, 

—- previously defined for 802.1D devices that only support a 

—- single Forwarding Database. 


dotlqTpFdbTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotlqTpFdbEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table that contains information about unicast entries 
for which the device has forwarding and/or filtering 
information. This information is used by the 
transparent bridging function in determining how to 
propagate a received frame." 

REFERENCE 
"IEEE 802.10/D11 Section 12.7.7" 

::= { dotlqTp 2 } 


dotlgqTpFdbEntry OBJECT-TYPE 


SYNTAX DotlqTpFdbEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"Information about a specific unicast MAC address for 
which the device has some forwarding and/or filtering 
information." 

INDEX { dotliqFdbId, dotlqTpFdbAddress } 

::= { dotlqTpFdbTable 1 } 


DotiqTpFdbEntry ::= 
SEQUENCE { 
dotlqTpFdbAddress 
MacAddress, 
dotlqTpFdbPort 
Integer32, 
dotliqTpFdbStatus 
INTEGER 
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dotlqTpFdbAddress OBJECT-TYPE 


SYNTAX MacAddress 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"A unicast MAC address for which the device has 
forwarding and/or filtering information." 
:= { dotlqIpFdbEntry 1 } 


dotlgqTpFdbPort OBJECT-TYPE 


SYNTAX Integer32 (0..65535) 
MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 


"Either the value ’0’, or the port number of the port on 
which a frame having a source address equal to the value 
of the corresponding instance of dotlqTpFdbAddress has 
been seen. A value of ’0’ indicates that the port 
number has not been learned but that the device does 
have some forwarding/filtering information about this 
address (e.g., in the dotlqStaticUnicastTable). 
Implementors are encouraged to assign the port value to 
this object whenever it is learned, even for addresses 
for which the corresponding value of dotlqTpFdbStatus is 
not learned(3)." 

::= { dotlqTpFdbEntry 2 } 


dotliqTpFdbStatus OBJECT-TYPE 


SYNTAX INTEGER { 
other (1), 
invalid(2), 
learned(3), 
self (4), 
mgmt (5) 
} 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 
"The status of this entry. The meanings of the values 
are: 
other(1) - none of the following. This may include 


the case where some other MIB object (not the 
corresponding instance of dotlqTpFdbPort, nor an 
entry in the dotlqStaticUnicastTable) is being 
used to determine if and how frames addressed to 
the value of the corresponding instance of 
dotiqTpFdbAddress are being forwarded. 
invalid(2) - this entry is no longer valid (e.g., it 
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was learned but has since aged out), but has not 
yet been flushed from the table. 

learned(3) - the value of the corresponding instance 
of dotiqTpFdbPort was learned and is being used. 

self (4) - the value of the corresponding instance of 
dotlqTpFdbAddress represents one of the device's 
addresses. The corresponding instance of 
dotlqTpFdbPort indicates which of the device's 
ports has this address. 

mgmt (5) - the value of the corresponding instance of 
dotiqTpFdbAddress is also the value of an 
existing instance of dotlqStaticAddress." 

::= { dotlqTpFdbEntry 3 } 


dotlqTpGroupTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotlqTpGroupEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table containing filtering information for VLANs 
configured into the bridge by (local or network) 
management, or learned dynamically, specifying the set of 
ports to which frames received on a VLAN for this FDB 
and containing a specific Group destination address are 
allowed to be forwarded." 

:= { dotlqTp 3 } 


dotlqTpGroupEntry OBJECT-TYPE 


SYNTAX DotlqTpGroupEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"Filtering information configured into the bridge by 
management, or learned dynamically, specifying the set of 
ports to which frames received on a VLAN and containing 
a specific Group destination address are allowed to be 
forwarded. The subset of these ports learned dynamically 
is also provided." 

INDEX { dotliqVlanIndex, dotlqTpGroupAddress } 

:= { dotlqTpGroupTable 1 } 


DotiqTpGroupEntry ::= 


SEQUENCE { 
dotlqTpGroupAddress 
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MacAddress, 
dotlqTpGroupEgressPorts 
PortList, 
dotlqTpGroupLearnt 
PortList 


} 


dotlqTpGroupAddress OBJECT-TYPE 


SYNTAX MacAddress 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"The destination Group MAC address in a frame to which 
this entry’s filtering information applies." 
:= { dotlqTpGroupEntry 1 } 


dotlqTpGroupEgressPorts OBJECT-TYPE 


SYNTAX PortList 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The complete set of ports, in this VLAN, to which 
frames destined for this Group MAC address are currently 
being explicitly forwarded. This does not include ports 
for which this address is only implicitly forwarded, in 
the dotlqFrorwardAllPorts list." 

::= { dotlqTpGroupEntry 2 } 


dotlqTpGroupLearnt OBJECT-TYPE 


SYNTAX PortList 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The subset of ports in dotlqTpGroupEgressPorts that 

were learned by GMRP or some other dynamic mechanism, in 

this Filtering database. 
:= { dotlqTpGroupEntry 3 } 


dotlqForwardAllTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotlqForwardAllEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table containing forwarding information for each 
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VLAN, specifying the set of ports to which forwarding of 
all multicasts applies, configured statically by 
management or dynamically by GMRP. An entry appears in 
this table for all VLANS that are currently 
instantiated." 

REFERENCE 
"IEEE 802.10/D11 Section 12.7.2, 12.7.7" 

:= { dotlgTp 4 } 


dotiqForwardAllEntry OBJECT-TYPE 


SYNTAX DotiqForwardAllEntry 
MAX-ACCESS not-accessible 
STATUS current 

DESCRIPTION 


"Forwarding information for a VLAN, specifying the set 
of ports to which all multicasts should be forwarded, 
configured statically by management or dynamically by 
GMRP." 

INDEX { dotliqVlanIndex } 

::= { dotlqForwardAllTable 1 } 


DotiqForwardAllEntry ::= 
SEQUENCE { 
dotlqForwardAllPorts 
PortList, 
dotiqForwardAllStaticPorts 
Portlist, 
dotiqForwardAllForbiddenPorts 
Portlist 
} 


dotiqForwardAllPorts OBJECT-TYPE 


SYNTAX PortList 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The complete set of ports in this VLAN to which all 
multicast group-addressed frames are to be forwarded. 
This includes ports for which this need has been 
determined dynamically by GMRP, or configured statically 
by management." 

::= { dotlqForwardAllEntry 1 } 


dotiqForwardAllStaticPorts OBJECT-TYPE 


SYNTAX PortList 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


Levi & Harrington Standards Track [Page 53] 


RFC 4363 Bridge MIB Extensions January 2006 


"The set of ports configured by management in this VLAN 
to which all multicast group-addressed frames are to be 
forwarded. Ports entered in this list will also appear 
in the complete set shown by dotlqForwardAllPorts. This 
value will be restored after the device is reset. This 
only applies to ports that are members of the VLAN, 
defined by dotlqVlanCurrentEgressPorts. A port may not 
be added in this set if it is already a member of the 
set of ports in dotlqForwardAllForbiddenPorts. The 
default value is a string of ones of appropriate length, 
to indicate the standard behaviour of using basic 
filtering services, i.e., forward all multicasts to all 
ports. 


The value of this object MUST be retained across 
reinitializations of the management system." 


::= { dotlqForwardAllEntry 2 } 


dotiqForwardAllForbiddenPorts OBJECT-TYPE 


SYNTAX PortList 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The set of ports configured by management in this VLAN 
for which the Service Requirement attribute Forward All 
Multicast Groups may not be dynamically registered by 
GMRP. This value will be restored after the device is 
reset. A port may not be added in this set if it is 
already a member of the set of ports in 
dotiqForwardAllStaticPorts. The default value is a 
string of zeros of appropriate length. 


The value of this object MUST be retained across 
reinitializations of the management system." 


::= { dotlqForwardAllEntry 3 } 


dotigqForwardUnregisteredTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotlqForwardUnregisteredEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table containing forwarding information for each 
VLAN, specifying the set of ports to which forwarding of 
multicast group-addressed frames for which no 

more specific forwarding information applies. This is 
configured statically by management and determined 
dynamically by GMRP. An entry appears in this table for 
all VLANs that are currently instantiated." 
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REFERENCE 


"IEEE 802.10/D11 Section 12.7.2, 12.7.7" 
::= { dotlqaTp 5 } 


dotigqForwardUnregisteredEntry OBJECT-TYPE 


SYNTAX DotlgqForwardUnregisteredEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"Forwarding information for a VLAN, specifying the set 
of ports to which all multicasts for which there is no 
more specific forwarding information shall be forwarded. 
This is configured statically by management or 
dynamically by GMRP." 

INDEX { dotlqVlanIndex } 

::= { dotlqForwardUnregisteredTable 1 } 


DotiqForwardUnregisteredEntry ::= 
SEQUENCE { 
dotiqForwardUnregisteredPorts 
Portlist, 
dotigqForwardUnregisteredStaticPorts 
PortList, 
dotiqForwardUnregisteredForbiddenPorts 
PortList 
} 


dotigqForwardUnregisteredPorts OBJECT-TYPE 


SYNTAX PortList 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The complete set of ports in this VLAN to which 
multicast group-addressed frames for which there is no 
more specific forwarding information will be forwarded. 
This includes ports for which this need has been 
determined dynamically by GMRP, or configured statically 
by management." 

::= { dotlqForwardUnregisteredEntry 1 } 


dotiqForwardUnregisteredStaticPorts OBJECT-TYPE 


SYNTAX PortList 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The set of ports configured by management, in this 
VLAN, to which multicast group-addressed frames for 
which there is no more specific forwarding information 
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are to be forwarded. Ports entered in this list will 
also appear in the complete set shown by 
dotiqForwardUnregisteredPorts. This value will be 
restored after the device is reset. A port may not be 
added in this set if it is already a member of the set 
of ports in dotlqForwardUnregisteredForbiddenPorts. The 
default value is a string of zeros of appropriate 
length, although this has no effect with the default 
value of dotlqForwardA1l1StaticPorts. 


The value of this object MUST be retained across 
reinitializations of the management system." 


::= { dotlqForwardUnregisteredEntry 2 } 


dotigqForwardUnregisteredForbiddenPorts OBJECT-TYPE 


SYNTAX PortList 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The set of ports configured by management in this VLAN 
for which the Service Requirement attribute Forward 
Unregistered Multicast Groups may not be dynamically 
registered by GMRP. This value will be restored after 
the device is reset. A port may not be added in this 
set if it is already a member of the set of ports in 
dotiqForwardUnregisteredStaticPorts. The default value 
is a string of zeros of appropriate length. 


The value of this object MUST be retained across 
reinitializations of the management system." 
::= { dotlqForwardUnregisteredEntry 3 } 


-- The Static (Destination-Address Filtering) Database 


dotiqStaticUnicastTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotlqStaticUnicastEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table containing filtering information for Unicast 
MAC addresses for each Filtering Database, configured 
into the device by (local or network) management 
specifying the set of ports to which frames received 
from specific ports and containing specific unicast 
destination addresses are allowed to be forwarded. A 
value of zero in this table (as the port number from 
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which frames with a specific destination address are 
received) is used to specify all ports for which there 
is no specific entry in this table for that particular 
destination address. Entries are valid for unicast 
addresses only." 

REFERENCE 
"IEEE 802.10/D11 Section 12.7.7, 
ISO/IEC 15802-3 Section 7.9.1" 

::= { dotlqStatic 1 } 


dotlqStaticUnicastEntry OBJECT-TYPE 


SYNTAX DotiqStaticUnicastEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"Filtering information configured into the device by 
(local or network) management specifying the set of 
ports to which frames received from a specific port and 
containing a specific unicast destination address are 
allowed to be forwarded." 

INDEX { 
dotlqFdbIid, 
dotiqStaticUnicastAddress, 
dotiqStaticUnicastReceivePort 


:= { dotlqStaticUnicastTable 1 } 


DotlqStaticUnicastEntry ::= 
SEQUENCE { 
dotiqStaticUnicastAddress 
MacAddress, 
dotiqStaticUnicastReceivePort 
Integer32, 
dotiqStaticUnicastAllowedToGoTo 
Portlist, 
dotiqStaticUnicastStatus 
INTEGER 
} 


dotiqStaticUnicastAddress OBJECT-TYPE 

SYNTAX MacAddress 

MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 
"The destination MAC address in a frame to which this 
entry’s filtering information applies. This object must 
take the value of a unicast address." 

::= { dotlqStaticUnicastEntry 1 } 
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dotiqStaticUnicastReceivePort OBJECT-TYPE 


SYNTAX Integer32 (0..65535) 
MAX-ACCESS not-accessible 
STATUS current 

DESCRIPTION 


"Either the value ’0’ or the port number of the port 

from which a frame must be received in order for this 

entry’s filtering information to apply. A value of zero 

indicates that this entry applies on all ports of the 

device for which there is no other applicable entry." 
::= { dotlqStaticUnicastEntry 2 } 


dotiqStaticUnicastAllowedToGoTo OBJECT-TYPE 


SYNTAX PortList 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The set of ports for which a frame with a specific 

unicast address will be flooded in the event that it 

has not been learned. It also specifies the set of 

ports on which a specific unicast address may be dynamically 
learned. The dotlqTpFdbTable will have an equivalent 

entry with a dotlqTpFdbPort value of ’0’ until this 

address has been learned, at which point it will be updated 
with the port the address has been seen on. This only 
applies to ports that are members of the VLAN, defined 

by dotiqVlanCurrentEgressPorts. The default value of 

this object is a string of ones of appropriate length. 


The value of this object MUST be retained across 
reinitializations of the management system." 
REFERENCE 
"IEEE 802.10/D11 Table 8-5, ISO/IEC 15802-3 Table 7-5" 
::= { dotlqStaticUnicastEntry 3 } 


dotigStaticUnicastStatus OBJECT-TYPE 

SYNTAX INTEGER { 
other (1), 
invalid(2), 
permanent (3), 
deleteOnReset (4), 
deleteOnTimeout (5) 

} 
MAX-ACCESS read-write 


STATUS current 
DESCRIPTION 
"This object indicates the status of this entry. 
other (1) - this entry is currently in use, but 
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the conditions under which it will remain 
so differ from the following values. 
invalid(2) - writing this value to the object 
removes the corresponding entry. 
permanent (3) - this entry is currently in use 
and will remain so after the next reset of 
the bridge. 
deleteOnReset (4) - this entry is currently in 
use and will remain so until the next 
reset of the bridge. 
deleteOnTimeout (5) - this entry is currently in 
use and will remain so until it is aged out. 


The value of this object MUST be retained across 
reinitializations of the management system." 
DEFVAL { permanent } 
::= { dotlqStaticUnicastEntry 4 } 


dotiqStaticMulticastTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotlqStaticMulticastEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table containing filtering information for Multicast 
and Broadcast MAC addresses for each VLAN, configured 
into the device by (local or network) management 
specifying the set of ports to which frames received 
from specific ports and containing specific Multicast 
and Broadcast destination addresses are allowed to be 
forwarded. A value of zero in this table (as the port 
number from which frames with a specific destination 
address are received) is used to specify all ports for 
which there is no specific entry in this table for that 


particular destination address. Entries are valid for 
Multicast and Broadcast addresses only." 
REFERENCE 


"IEEE 802.10/D11 Section 12.7.7, 
ISO/IEC 15802-3 Section 7.9.1" 
::= { dotlqStatic 2 } 


dotlqStaticMulticastEntry OBJECT-TYPE 


SYNTAX DotlqStaticMulticastEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"Filtering information configured into the device by 
(local or network) management specifying the set of 
ports to which frames received from this specific port 
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for this VLAN and containing this Multicast or Broadcast 
destination address are allowed to be forwarded." 

INDEX { 
dotlgqVlanIndex, 
dotiqStaticMulticastAddress, 
dotiqStaticMulticastReceivePort 


:= { dotlqStaticMulticastTable 1 } 


DotiqStaticMulticastEntry ::= 
SEQUENCE { 

dotiqStaticMulticastAddress 
MacAddress, 

dotiqStaticMulticastReceivePort 
Integer32, 

dotlqStaticMulticastStaticEgressPorts 
PortList, 

dotlqStaticMulticastForbiddenEgressPorts 
PortList, 

dotiqStaticMulticastStatus 
INTEGER 


} 


dotiqStaticMulticastAddress OBJECT-TYPE 

SYNTAX MacAddress 

MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 
"The destination MAC address in a frame to which this 
entry’s filtering information applies. This object must 
take the value of a Multicast or Broadcast address." 

::= { dotlqStaticMulticastEntry 1 } 


dotiqStaticMulticastReceivePort OBJECT-TYPE 


SYNTAX Integer32 (0..65535) 
MAX-ACCESS not-accessible 
STATUS current 

DESCRIPTION 


"Either the value ’0’ or the port number of the port 
from which a frame must be received in order for this 
entry’s filtering information to apply. A value of zero 
indicates that this entry applies on all ports of the 
device for which there is no other applicable entry." 

:= { dotlqStaticMulticastEntry 2 } 


dotiqStaticMulticastStaticEgressPorts OBJECT-TYPE 


SYNTAX PortList 
MAX-ACCESS read-write 
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STATUS current 

DESCRIPTION 
"The set of ports to which frames received from a 
specific port and destined for a specific Multicast or 
Broadcast MAC address must be forwarded, regardless of 
any dynamic information, e.g., from GMRP. A port may not 
be added in this set if it is already a member of the 
set of ports in dotlqStaticMulticastForbiddenEgressPorts. 
The default value of this object is a string of ones of 
appropriate length. 


The value of this object MUST be retained across 
reinitializations of the management system." 


::= { dotlqStaticMulticastEntry 3 } 


dotiqStaticMulticastForbiddenEgressPorts OBJECT-TYPE 


SYNTAX PortList 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The set of ports to which frames received from a 
specific port and destined for a specific Multicast or 
Broadcast MAC address must not be forwarded, regardless 
of any dynamic information, e.g., from GMRP. A port may 
not be added in this set if it is already a member of the 
set of ports in dotlqStaticMulticastStaticEgressPorts. 
The default value of this object is a string of zeros of 
appropriate length. 


The value of this object MUST be retained across 
reinitializations of the management system." 
::= { dotlqStaticMulticastEntry 4 } 


dotiqStaticMulticastStatus OBJECT-TYPE 

SYNTAX INTEGER { 
other (1), 
invalid(2), 
permanent (3), 
deleteOnReset (4), 
deleteOnTimeout (5) 

) 
MAX-ACCESS read-write 


STATUS current 
DESCRIPTION 
"This object indicates the status of this entry. 
other (1) - this entry is currently in use, but 


the conditions under which it will remain 
so differ from the following values. 
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invalid(2) - writing this value to the object 
removes the corresponding entry. 

permanent (3) - this entry is currently in use 
and will remain so after the next reset of 
the bridge. 

deleteOnReset (4) - this entry is currently in 
use and will remain so until the next 
reset of the bridge. 

deleteOnTimeout (5) - this entry is currently in 
use and will remain so until it is aged out. 


The value of this object MUST be retained across 
reinitializations of the management system." 
DEFVAL { permanent } 
:= { dotlqStaticMulticastEntry 5 } 


dotlqVlanNumDeletes OBJECT-TYPE 

SYNTAX Counter32 

MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 
"The number of times a VLAN entry has been deleted from 
the dotlqVlanCurrentTable (for any reason). If an entry 
is deleted, then inserted, and then deleted, this 
counter will be incremented by 2." 

:= { dotlqVlan 1 } 


dotlqVlanCurrentTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotlqVlanCurrentEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table containing current configuration information 
for each VLAN currently configured into the device by 
(local or network) management, or dynamically created 
as a result of GVRP requests received." 

::= { dotlqVlan 2 } 


dotiqVlanCurrentEntry OBJECT-TYPE 


SYNTAX DotiqVlanCurrentEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"Information for a VLAN configured into the device by 


Levi & Harrington Standards Track [Page 62] 


RFC 4363 Bridge MIB Extensions January 2006 


(local or network) management, or dynamically created 
as a result of GVRP requests received." 

INDEX { dotlqVlanTimeMark, dotlqVlanIndex } 

::= { dotlqVlanCurrentTable 1 } 


DotiqVlanCurrentEntry ::= 
SEQUENCE ( 
dotlqVlanTimeMark 
TimeFilter, 
dotiqVlanIndex 
VlanIndex, 
dotlqVlanFdbId 
Unsigned32, 
dotiqVlanCurrentEgressPorts 
PortList, 
dotigqVlanCurrentUntaggedPorts 
PortList, 
dotlqVlanStatus 
INTEGER, 
dotiqVlanCreationTime 
TimeTicks 


} 


dotiqVlanTimeMark OBJECT-TYPE 


SYNTAX TimeFilter 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"A TimeFilter for this entry. See the TimeFilter 
textual convention to see how this works." 
::= { dotlqVlanCurrentEntry 1 } 


dotiqVlanindex OBJECT-TYPE 


SYNTAX VlanIndex 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"The VLAN-ID or other identifier referring to this VLAN." 
::= { dotlqVlanCurrentEntry 2 } 


dotiqVlanFdbId OBJECT-TYPE 


SYNTAX Unsigned32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The Filtering Database used by this VLAN. This is one 
of the dotliqFdbId values in the dotlqFdbTable. This 
value is allocated automatically by the device whenever 
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the VLAN is created: either dynamically by GVRP, or by 
management, in dotlqVlanStaticTable. Allocation of this 
value follows the learning constraints defined for this 
VLAN in dotlqLearningConstraintsTable." 

::= { dotlqVlanCurrentEntry 3 } 


dotliqVlanCurrentEgressPorts OBJECT-TYPE 


SYNTAX PortList 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The set of ports that are transmitting traffic for 
this VLAN as either tagged or untagged frames." 
REFERENCE 
"IEEE 802.10/D11 Section 12.10.2.1" 
::= { dotlqVlanCurrentEntry 4 } 


dotiqVlanCurrentUntaggedPorts OBJECT-TYPE 


SYNTAX PortList 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The set of ports that are transmitting traffic for 
this VLAN as untagged frames." 

REFERENCE 
"IEEE 802.10/D11 Section 12.10.2.1" 

::= { dotlqVlanCurrentEntry 5 ) 


dotlqVlanStatus OBJECT-TYPE 
SYNTAX INTEGER { 
other (1), 
permanent (2), 
dynamicGvrp (3) 
) 
MAX-ACCESS read-only 


STATUS current 
DESCRIPTION 
"This object indicates the status of this entry. 
other (1) - this entry is currently in use, but the 


conditions under which it will remain so differ 
from the following values. 

permanent (2) - this entry, corresponding to an entry 
in dotlqVlanStaticTable, is currently in use and 
will remain so after the next reset of the 
device. The port lists for this entry include 
ports from the equivalent dotlqVlanStaticTable 
entry and ports learned dynamically. 

dynamicGvrp(3) - this entry is currently in use 
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and will remain so until removed by GVRP. There 
is no static entry for this VLAN, and it will be 
removed when the last port leaves the VLAN." 

::= { dotlqVlanCurrentEntry 6 } 


dotiqVlanCreationTime OBJECT-TYPE 


SYNTAX TimeTicks 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The value of sysUpTime when this VLAN was created." 
::= { dotlqVlanCurrentEntry 7 ) 


dotiqVlanStaticTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotlqVlanStaticEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table containing static configuration information for 
each VLAN configured into the device by (local or 
network) management. All entries are permanent and will 
be restored after the device is reset." 

::= { dotlqVlan 3 } 


dotiqVlanStaticEntry OBJECT-TYPE 


SYNTAX DotlqVlanStaticEntry 
MAX-ACCESS not-accessible 
STATUS current 

DESCRIPTION 


"Static information for a VLAN configured into the 
device by (local or network) management." 
INDEX { dotlqVlanIndex } 
:= { dotlqVlanStaticTable 1 } 


DotliqVlanStaticEntry ::= 
SEQUENCE { 

dotiqVlanStaticName 
SnmpAdminString, 

dotliqVlanStaticEgressPorts 
PortList, 

dotlqVlanForbiddenEgressPorts 
PortList, 

dotiqVlanStaticUntaggedPorts 
PortList, 
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dotiqVlanStaticRowStatus 


RowStatus 
} 


dotiqVlanStaticName OBJECT-TYPE 


SYNTAX SnmpAdminString 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"An administratively assigned string, 


to identify the VLAN." 
REFERENCE 


(SIZE (0..32)) 


which may be used 


"IEEE 802.10/D11 Section 12.10.2.1" 


::= { dotlqVlanStaticEntry 


1 } 


dotiqVlanStaticEgressPorts OBJECT-TYPE 


SYNTAX PortList 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"The set of ports that 


egress list for this VLAN by management. 
bit in this object affect the per-port, 


are permanently assigned to the 
Changes toa 
per-VLAN 


Registrar control for Registration Fixed for the 


relevant GVRP state machine on each port. 


A port may 


not be added in this set if it is already a member of 


the set of ports in dotlqVlanForbiddenEgressPorts. 


The 


default value of this object is a string of zeros of 


appropriate length, 
REFERENCE 


"IEEE 802.10/D11 Section 12.7.7.3, 


::= [ dotlqVlanStaticEntry 


indicating not fixed." 


LL 
2 } 


dotiqVlanForbiddenEgressPorts OBJECT-TYPE 


SYNTAX PortList 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"The set of ports that 
from being included in 
Changes to this object 
or excluded affect the 


are prohibited by management 

the egress list for this VLAN. 
that cause a port to be included 
per-port, per-VLAN Registrar 


control for Registration Forbidden for the relevant GVRP 


state machine on each port. 


A port may not be added in 


this set if it is already a member of the set of ports 


in dotlqVlanStaticEgressPorts. 


The default value of 


this object is a string of zeros of appropriate length, 
excluding all ports from the forbidden set." 
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REFERENCE 
"IEEE 802.10/D11 Section 12.7.7.3, 11.2.3.2.3" 
::= { dotlqVlanStaticEntry 3 } 


dotiqVlanStaticUntaggedPorts OBJECT-TYPE 


SYNTAX PortList 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"The set of ports that should transmit egress packets 
for this VLAN as untagged. The default value of this 
object for the default VLAN (dotlqVlanIndex = 1) is a string 
of appropriate length including all ports. There is no 
specified default for other VLANs. If a device agent cannot 
support the set of ports being set, then it will reject the 
set operation with an error. For example, a 
manager might attempt to set more than one VLAN to be untagged 
on egress where the device does not support this IEEE 802.10 
option." 

REFERENCE 
"IEEE 802.10/D11 Section 12.10.2.1" 

:= { dotlqVlanStaticEntry 4 } 


dotiqVlanStaticRowStatus OBJECT-TYPE 


SYNTAX RowStatus 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"This object indicates the status of this entry." 
:= { dotlqVlanStaticEntry 5 ) 


dotlqNextFreeLocalVlanIndex OBJECT-TYPE 


SYNTAX Integer32 (0|4096..2147483647) 
MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 


"The next available value for dotlqVlanIndex of a local 
VLAN entry in dotlqVlanStaticTable. This will report 
values >=4096 if a new Local VLAN may be created or else 
the value 0 if this is not possible. 


A row creation operation in this table for an entry with a local 
VlanIndex value may fail if the current value of this object 

is not used as the index. Even if the value read is used, 

there is no guarantee that it will still be the valid index 
when the create operation is attempted; another manager may 

have already got in during the intervening time interval. 

In this case, dotlqNextFreeLocalVlanIndex should be re-read 
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and the creation re-tried with the new value. 
This value will automatically change when the current value is 


used to create a new row." 
::= { dotlqVlan 4 } 


dotiqPortVlanTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotlqPortVlanEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table containing per-port control and status 
information for VLAN configuration in the device." 
::= { dotlqVlan 5 } 


dotiqPortVlanEntry OBJECT-TYPE 


SYNTAX DotlgPortVlanEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"Information controlling VLAN configuration for a port 
on the device. This is indexed by dotldBasePort." 
AUGMENTS { dotldBasePortEntry } 
::= { dotlqPortVlanTable 1 } 


DotlgPortVlanEntry ::= 
SEQUENCE { 
dotlqPvid 
VlaniIndex, 
dotiqPortAcceptableFrameTypes 
INTEGER, 
dotlqPortIngressFiltering 
TruthValue, 
dotlqPortGvrpStatus 
EnabledStatus, 
dotiqPortGvrpFailedRegistrations 
Counter32, 
dotiqPortGvrpLastPduOrigin 
MacAddress, 
dotlqPortRestrictedVlanRegistration 
TruthValue 
} 


dotlqPvid OBJECT-TYPE 
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SYNTAX VlanIndex 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The PVID, the VLAN-ID assigned to untagged frames or 
Priority-Tagged frames received on this port. 


The value of this object MUST be retained across 
reinitializations of the management system." 


REFERENCE 
"IEEE 802.10/D11 Section 12.10.1.1" 
DEFVAL O LAO | 


::= { dotlqPortVlanEntry 1 } 


dotiqPortAcceptableFrameTypes OBJECT-TYPE 
SYNTAX INTEGER { 
admitAll(1), 
admitOnlyVlanTagged (2) 
} 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 
"When this is admitOnlyVlanTagged(2), the device will 
discard untagged frames or Priority-Tagged frames 
received on this port. When admitAll(1), untagged 
frames or Priority-Tagged frames received on this port 
will be accepted and assigned to a VID based on the 
PVID and VID Set for this port. 


This control does not affect VLAN-independent Bridge 
Protocol Data Unit (BPDU) frames, such as GVRP and 
Spanning Tree Protocol (STP). It does affect VLAN- 
dependent BPDU frames, such as GMRP. 


The value of this object MUST be retained across 
reinitializations of the management system." 


REFERENCE 
"IEEE 802.10/D11 Section 12.10.1.3" 
DEFVAL { admitAll } 


::= { dotlqPortVlanEntry 2 } 


dotigqPortIngressFiltering OBJECT-TYPE 


SYNTAX TruthValue 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"When this is true(1), the device will discard incoming 
frames for VLANs that do not include this Port in its 
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Member set. When false(2), the port will accept all 
incoming frames. 


This control does not affect VLAN-independent BPDU 
frames, such as GVRP and STP. It does affect VLAN- 
dependent BPDU frames, such as GMRP. 


The value of this object MUST be retained across 
reinitializations of the management system." 


REFERENCE 
"IEEE 802.10/D11 Section 12.10.1.4" 
DEFVAL { false } 


::= { dotlqPortVlanEntry 3 } 


dotlqPortGvrpStatus OBJECT-TYPE 


SYNTAX EnabledStatus 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The state of GVRP operation on this port. The value 
enabled(1) indicates that GVRP is enabled on this port, 
as long as dotlqGvrpStatus is also enabled for this 
device. When disabled(2) but dotlqGvrpStatus is still 
enabled for the device, GVRP is disabled on this port: 
any GVRP packets received will be silently discarded, and 
no GVRP registrations will be propagated from other 
ports. This object affects all GVRP Applicant and 
Registrar state machines on this port. A transition 
from disabled(2) to enabled(1) will cause a reset of all 
GVRP state machines on this port. 


The value of this object MUST be retained across 
reinitializations of the management system." 
DEFVAL { enabled } 
::= { dotlqPortVlanEntry 4 } 


dotigPortGvrpFailedRegistrations OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The total number of failed GVRP registrations, for any 
reason, on this port." 
:= { dotlqPortVlanEntry 5 } 


dotigPortGvrpLastPduOrigin OBJECT-TYPE 


SYNTAX MacAddress 
MAX-ACCESS read-only 
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STATUS current 

DESCRIPTION 
"The Source MAC Address of the last GVRP message 
received on this port." 

::= { dotlgPortVlanEntry 6 } 


dotlqPortRestrictedVlanRegistration OBJECT-TYPE 


SYNTAX TruthValue 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"The state of Restricted VLAN Registration on this port. 

If the value of this control is true(1), then creation 

of a new dynamic VLAN entry is permitted only if there 

is a Static VLAN Registration Entry for the VLAN concerned, 
in which the Registrar Administrative Control value for 
this port is Normal Registration. 


The value of this object MUST be retained across 
reinitializations of the management system." 


REFERENCE 
"IEEE 802.1u clause 11.2.3.2.3, 12.10.1.7." 
DEFVAL { false } 


::= { dotlqPortVlanEntry 7 } 


dotiqPortVlanStatisticsTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotlqPortVlanStatisticsEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table containing per-port, per-VLAN statistics for 

traffic received. Separate objects are provided for both the 
most-significant and least-significant bits of statistics 
counters for ports that are associated with this transparent 
bridge. The most-significant bit objects are only required on 
high-capacity interfaces, as defined in the conformance clauses 
for these objects. This mechanism is provided as a way to read 
64-bit counters for agents that support only SNMPvl. 


Note that the reporting of most-significant and least- 
significant counter bits separately runs the risk of missing 

an overflow of the lower bits in the interval between sampling. 
The manager must be aware of this possibility, even within the 
same varbindlist, when interpreting the results of a request or 
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asynchronous notification." 
::= { dotiqVlan 6 } 


dotligPortVlanStatisticsEntry OBJECT-TYPE 


SYNTAX DotlqPortVlanStatisticsEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"Traffic statistics for a VLAN on an interface." 
INDEX { dotldBasePort, dotlqVlanIndex } 
::= { dotlqPortVlanStatisticsTable 1 } 


DotlqPortVlanStatisticsEntry ::= 
SEQUENCE { 

dot1gTpVlanPortInFrames 
Counter32, 

dotlqTpVlanPortOutFrames 
Counter32, 

dotiqTpVlanPortInDiscards 
Counter32, 

dotlqTpVlanPortInOverflowFrames 
Counter32, 

dotlqTpVlanPortOutOverflowFrames 
Counter32, 

dotigqTpVlanPortInOverflowDiscards 
Counter32 


} 


dotlqTpVlanPortiInFrames OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of valid frames received by this port from 
its segment that were classified as belonging to this 
VLAN. Note that a frame received on this port is 
counted by this object if and only if it is fora 
protocol being processed by the local forwarding process 
for this VLAN. This object includes received bridge 
management frames classified as belonging to this VLAN 
(e.g., GMRP, but not GVRP or STP." 
REFERENCE 

"IEEE 802.10/D11 Section 12.6.1.1.3(a)" 

:= { dotlqPortVlanStatisticsEntry 1 } 


dotliqTpVlanPortOutFrames OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
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STATUS current 


DESCRIPTION 
"The number of valid frames transmitted by this port to 


its segment from the local forwarding process for this 
VLAN. This includes bridge management frames originated 
by this device that are classified as belonging to this 
VLAN (e.g., GMRP, but not GVRP or STP)." 

REFERENCE 
"IEEE 802.10/D11 Section 12.6.1.1.3(d)" 

::= { dotlqPortVlanStatisticsEntry 2 } 


dotiqTpVlanPortInDiscards OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of valid frames received by this port from 
its segment that were classified as belonging to this 
VLAN and that were discarded due to VLAN-related reasons. 
Specifically, the IEEE 802.10 counters for Discard 
Inbound and Discard on Ingress Filtering." 

REFERENCE 
"IEEE 802.10/D11 Section 12.6.1.1.3" 

::= { dotlqPortVlanStatisticsEntry 3 } 


dotlqTpVlanPortInOverflowFrames OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of times the associated 
dotliqTpVlanPortiInFrames counter has overflowed." 
REFERENCE 
"ISO/IEC 15802-3 Section 14.6.1.1.3" 
::= { dotlqPortVlanStatisticsEntry 4 } 


dotlqTpVlanPortOutOverflowFrames OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of times the associated 
dotliqTpVlanPortOutFrames counter has overflowed." 
REFERENCE 
"ISO/IEC 15802-3 Section 14.6.1.1.3" 
::= { dotlqPortVlanStatisticsEntry 5 } 


dotigqTpVlanPortInOverflowDiscards OBJECT-TYPE 
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SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of times the associated 
dotiqTpVlanPortInDiscards counter has overflowed." 
REFERENCE 
"ISO/IEC 15802-3 Section 14.6.1.1.3" 
::= { dotlqPortVlanStatisticsEntry 6 } 


dotigPortVlanHCStatisticsTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotlqPortVlanHCStatisticsEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table containing per-port, per-VLAN statistics for 
traffic on high-capacity interfaces." 
::= { dotlqVlan 7 } 


dotlqPortVlanHCStatisticsEntry OBJECT-TYPE 

SYNTAX DotlqPortVlanHCStatisticsEntry 

MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 
"Traffic statistics for a VLAN on a high-capacity 
interface." 

INDEX { dotldBasePort, dotlqVlanIndex } 

::= { dotlqPortVlanHCStatisticsTable 1 } 


DotlqPortVlanHCStatisticsEntry ::= 
SEQUENCE { 
dotlqTpVlanPortHCInFrames 
Counter64, 
dotlqTpVlanPortHCOutFrames 
Counter64, 
dotiqTpVlanPortHCInDiscards 
Counter64 


} 


dotlqTpVlanPortHCInFrames OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of valid frames received by this port from 
its segment that were classified as belonging to this 
VLAN. Note that a frame received on this port is 
counted by this object if and only if it is fora 
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protocol being processed by the local forwarding process 
for this VLAN. This object includes received bridge 
management frames classified as belonging to this VLAN 
(e.g., GMRP, but not GVRP or STP)." 
REFERENCE 
"IEEE 802.10/D11 Section 12.6.1.1.3(a)" 
:= { dotlqPortVlanHCStatisticsEntry 1 } 


dotliqTpVlanPortHCOutFrames OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of valid frames transmitted by this port to 
its segment from the local forwarding process for this 
VLAN. This includes bridge management frames originated 
by this device that are classified as belonging to this 
VLAN (e.g., GMRP, but not GVRP or STP)." 

REFERENCE 
"IEEE 802.10/D11 Section 12.6.1.1.3(d)" 

::= { dotlqPortVlanHCStatisticsEntry 2 } 


dotigqTpVlanPortHCInDiscards OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of valid frames received by this port from 
its segment that were classified as belonging to this 
VLAN and that were discarded due to VLAN-related reasons. 
Specifically, the IEEE 802.10 counters for Discard 
Inbound and Discard on Ingress Filtering." 

REFERENCE 
"IEEE 802.1Q/D11 Section 12.6.1.1.3" 

::= { dotlqPortVlanHCStatisticsEntry 3 } 


dotiqLearningConstraintsTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotlqLearningConstraintsEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table containing learning constraints for sets of 
Shared and Independent VLANs." 
REFERENCE 
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"IEEE 802.10/D11 Section 12.10.3.1" 
::= { dotiqVlan 8 } 


dotiqLearningConstraintsEntry OBJECT-TYPE 


SYNTAX DotiqLearningConstraintsEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A learning constraint defined for a VLAN." 
INDEX { dotlqConstraintVlan, dotlqConstraintSet } 
::= { dotlqLearningConstraintsTable 1 } 


DotlqLearningConstraintsEntry ::= 
SEQUENCE { 
dotiqConstraintVlan 
VlanIndex, 
dotiqConstraintsSet 
Integer32, 
dotiqConstraintType 
INTEGER, 
dotiqConstraintStatus 
RowStatus 
} 


dotiqConstraintVlan OBJECT-TYPE 


SYNTAX VlanIndex 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"The index of the row in dotlqVlanCurrentTable for the 
VLAN constrained by this entry." 


::= { dotlqLearningConstraintsEntry 1 } 


dotiqConstraintSet OBJECT-TYPE 

SYNTAX Integer32 (0..65535) 

MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 
"The identity of the constraint set to which 
dotiqConstraintVlan belongs. These values may be chosen 
by the management station." 

::= { dotlqLearningConstraintsEntry 2 ) 


dotlqConstraintType OBJECT-TYPE 
SYNTAX INTEGER { 
independent (1), 
shared (2) 
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MAX-ACCESS read-create 


STATUS current 
DESCRIPTION 
"The type of constraint this entry defines. 
independent (1) - the VLAN, dotlaConstraintVlan, 


uses a filtering database independent from all 
other VLANs in the same set, defined by 
dotiqConstraintsSet. 
shared(2) - the VLAN, dotlqConstraintVlan, shares 
the same filtering database as all other VLANs 
in the same set, defined by dotlqConstraintSet." 
::= { dotlqLearningConstraintsEntry 3 } 


dotiqConstraintStatus OBJECT-TYPE 


SYNTAX RowStatus 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"The status of this entry." 
::= { dotlqLearningConstraintsEntry 4 } 


dotiqConstraintSetDefault OBJECT-TYPE 


SYNTAX Integer32 (0..65535) 
MAX-ACCESS read-write 

STATUS current 

DESCRIPTION 


"The identity of the constraint set to which a VLAN 


belongs, if there is not an explicit entry for that VLAN 
in dotlqLearningConstraintsTable. 


The value of this object MUST be retained across 
reinitializations of the management system." 
::= { dotiqVlan 9 } 


dotiqConstraintTypeDefault OBJECT-TYPE 

SYNTAX INTEGER { 
independent (1), 
shared (2) 

} 

MAX-ACCESS read-write 

STATUS current 

DESCRIPTION 


"The type of constraint set to which a VLAN belongs, if 
there is not an explicit entry for that VLAN in 
dotlqLearningConstraintsTable. The types are as defined 
for dotlqConstraintType. 


The value of this object MUST be retained across 
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reinitializations of the management system." 
::= { dotlqVlan 10 } 


dotlvProtocolGroupTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotlvProtocolGroupEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table that contains mappings from Protocol 
Templates to Protocol Group Identifiers used for 
Port-and-Protocol-based VLAN Classification." 

REFERENCE 
"IEEE 802.1v clause 8.6.4" 
::= { dotlvProtocol 1 } 


dotlivProtocolGroupEntry OBJECT-TYPE 


SYNTAX DotlvProtocolGroupEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A mapping from a Protocol Template to a Protocol 
Group Identifier." 
INDEX { dotlvProtocolTemplateFrameType, 
dotlvProtocolTemplateProtocolValue } 
:= { dotlvProtocolGroupTable 1 } 


DotlvProtocolGroupEntry ::= 
SEQUENCE { 
dotlvProtocolTemplateFrameType 
INTEGER, 
dotlvProtocolTemplateProtocolValue 
OCTET STRING, 
dot1lvProtocolGroupld 
Integer32, 
dotlvProtocolGroupRowStatus 
RowStatus 
} 


dotlvProtocolTemplateFrameType OBJECT-TYPE 
SYNTAX INTEGER ( 
ethernet 
rfc1042 
snap8021H 
snapOther 


r 


r 


(1) 
(2), 
(3) 
(4) 


r 
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licOther (5) 
} 
MAX-ACCESS not-accessible 
STATUS current 


DESCRIPTION 
"The data-link encapsulation format or the 


’detagged_ frame type’ in a Protocol Template." 
REFERENCE 

"IEEE 802.1v clause 8.6.2" 
::= { dotlvProtocolGroupEntry 1 } 


dotlvProtocolTemplateProtocolValue OBJECT-TYPE 


SYNTAX OCTET STRING (SIZE (2 | 5)) 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"The identification of the protocol above the data-link 
layer in a Protocol Template. Depending on the 

frame type, the octet string will have one of the 
following values: 


For ’ethernet’, ’rfc1042’ and ’snap8021H’, 
this is the 16-bit (2-octet) IEEE 802.3 Type Field. 
For ’snapOther’, 
this is the 40-bit (5-octet) PID. 
For 'llcOther', 
this is the 2-octet IEEE 802.2 Link Service Access 
Point (LSAP) pair: first octet for Destination Service 
Access Point (DSAP) and second octet for Source Service 
Access Point (SSAP)." 
REFERENCE 
"IEEE 802.1v clause 8.6.2" 
::= { dotlvProtocolGroupEntry 2 } 


dotivProtocolGroupId OBJECT-TYPE 


SYNTAX Integer32 (0..2147483647) 
MAX-ACCESS read-create 

STATUS current 

DESCRIPTION 


"Represents a group of protocols that are associated 
together when assigning a VID to a frame." 
REFERENCE 
"IEEE 802.1v clause 8.6.3, 12.10.2.1" 
:= { dotlvProtocolGroupEntry 3 } 


dotlvProtocolGroupRowStatus OBJECT-TYPE 


SYNTAX RowStatus 
MAX-ACCESS read-create 
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STATUS current 
DESCRIPTION 


"This object indicates the status of this entry." 
::= { dotlvProtocolGroupEntry 4 } 


dotivProtocolPortTable OBJECT-TYPE 


SYNTAX SEQUENCE OF DotlvProtocolPortEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"A table that contains VID sets used for 


Port-and-Protocol-based VLAN Classification." 
REFERENCE 


"IEEE 802.1v clause 8.4.4" 
:= { dotlvProtocol 2 } 


dotlvProtocolPortEntry OBJECT-TYPE 


SYNTAX DotlvProtocolPortEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 
"A VID set for a port." 
INDEX { dotldBasePort, 


dotlvProtocolPortGroupld } 
::= { dotlvProtocolPortTable 1 } 


DotlvProtocolPortEntry ::= 
SEQUENCE { 
dotlivProtocolPortGroupIid 
Integer32, 
dotlvProtocolPortGroupVid 
Integer32, 
dotivProtocolPortRowStatus 
RowStatus 
} 


dotivProtocolPortGroupld OBJECT-TYPE 


SYNTAX Integer32 (1..2147483647) 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"Designates a group of protocols in the Protocol 
Group Database." 

REFERENCE 
"IEEE 802.1v clause 8.6.3, 12.10.1.2" 

::= { dotlvProtocolPortEntry 1 } 


dotlvProtocolPortGroupVid OBJECT-TYPE 
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SYNTAX Integer32 (1..4094) 
MAX-ACCESS read-create 

STATUS current 
DESCRIPTION 


"The VID associated with a group of protocols for 
each port." 

REFERENCE 
"IEEE 802.1v clause 8.4.4, 12.10.1.2" 

::= { dotlvProtocolPortEntry 2 } 


dotivProtocolPortRowStatus OBJECT-TYPE 


SYNTAX RowStatus 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"This object indicates the status of this entry." 
::= { dotlvProtocolPortEntry 3 } 


aBridgeConformance OBJECT IDENTIFIER ::= { qBridgeMIB 2 } 
qBridgeGroups OBJECT IDENTIFIER ::= { qBridgeConformance 1 } 
aBridgeCompliances OBJECT IDENTIFIER ::= { qBridgeConformance 2 } 


qBridgeBaseGroup OBJECT-GROUP 

OBJECTS { 
dotiqVlanVersionNumber, 
dotlqMaxVlanld, 
dotlqMaxSupportedVlans, 
dotlqNumVlans, 
dotlqGvrpStatus 

} 

STATUS current 

DESCRIPTION 
"A collection of objects providing device-level control 
and status information for the Virtual LAN bridge 
services." 

::= { qBridgeGroups 1 } 


aBridgeFdbUnicastGroup OBJECT-GROUP 
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OBJECTS { 
dotigFdbDynamicCount, 
dotlqTpFdbPort, 
dotlqTpFdbStatus 
} 
STATUS current 
DESCRIPTION 
"A collection of objects providing information about all 
unicast addresses, learned dynamically or statically 
configured by management, in each Filtering Database." 
::= { qBridgeGroups 2 } 


qBridgeFdbMulticastGroup OBJECT-GROUP 

OBJECTS { 
dotlqTpGroupEgressPorts, 
dotlqTpGroupLearnt 

} 

STATUS current 

DESCRIPTION 
"A collection of objects providing information about all 
multicast addresses, learned dynamically or statically 
configured by management, in each Filtering Database." 

::= { qBridgeGroups 3 } 


aBridgeServiceRequirementsGroup OBJECT-GROUP 

OBJECTS { 
dotiqForwardAllPorts, 
dotigForwardAllStaticPorts, 
dotlqrForwardAllForbiddenPorts, 
dotiqForwardUnregisteredPorts, 
dotiqForwardUnregisteredStaticPorts, 
dotiqForwardUnregisteredForbiddenPorts 

} 

STATUS current 

DESCRIPTION 
"A collection of objects providing information about 
service requirements, learned dynamically or statically 
configured by management, in each Filtering Database." 

::= { qBridgeGroups 4 } 


aBridgeFdbStaticGroup OBJECT-GROUP 
OBJECTS { 
dotiqStaticUnicastAllowedToGoTo, 
dotiqStaticUnicastStatus, 
dotiqStaticMulticastStaticEgressPorts, 
dotiqStaticMulticastForbiddenEgressPorts, 
dotiqStaticMulticastStatus 
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STATUS current 

DESCRIPTION 
"A collection of objects providing information about 
unicast and multicast addresses statically configured by 
management, in each Filtering Database or VLAN." 

::= { qBridgeGroups 5 } 


qBridgeVlanGroup OBJECT-GROUP 
OBJECTS { 
dotlqVlanNumDeletes, 
dotlqVlanFdbld, 
dotlqVlanCurrentEgressPorts, 
dotlqVlanCurrentUntaggedPorts, 
dotlgqVlanStatus, 
dotiqVlanCreationTime 
} 
STATUS current 
DESCRIPTION 
"A collection of objects providing information about 
all VLANs currently configured on this device." 
::= { qBridgeGroups 6 ) 


aBridgeVlanStaticGroup OBJECT-GROUP 

OBJECTS { 
dotiqVlanStaticName, 
dotiqVlanStaticEgressPorts, 
dotiqVlanForbiddenEgressPorts, 
dotiqVlanStaticUntaggedPorts, 
dotiqVlanStaticRowStatus, 
dotlqNextFreeLocalVlaniIndex 

} 

STATUS current 

DESCRIPTION 
"A collection of objects providing information about 
VLANs statically configured by management." 

::= { qBridgeGroups 7 } 


aBridgePortGroup OBJECT-GROUP 

OBJECTS { 
dotlqPvid, 
dotiqPortAcceptableFrameTypes, 
dotlgPortIngressFiltering, 
dotlqPortGvrpStatus, 
dotiqPortGvrpFailedRegistrations, 
dotiqPortGvrpLastPduOrigin 

} 

STATUS deprecated 

DESCRIPTION 
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"A collection of objects providing port-level VLAN 
control and status information for all ports." 
::= { qBridgeGroups 8 } 


aBridgeVlanStatisticsGroup OBJECT-GROUP 

OBJECTS { 
dot1gTpVlanPortInFrames, 
dotlqTpVlanPortOutFrames, 
dotiqTpVlanPortInDiscards 

} 

STATUS current 

DESCRIPTION 


"A collection of objects providing per-port packet 
statistics for all VLANs currently configured on this 
device." 

::= { qBridgeGroups 9 } 


aBridgeVlanStatisticsOverflowGroup OBJECT-GROUP 

OBJECTS { 
dotiqTpVlanPortInOverflowFrames, 
dot1gTpVlanPortOutOverflowFrames, 
dot1qTpVlanPortInOverflowDiscards 

} 

STATUS current 

DESCRIPTION 


"A collection of objects providing overflow counters for 
per-port packet statistics for all VLANs currently configured 
on this device for high-capacity interfaces, defined as those 
that have the value of the corresponding instance of 
ifSpeed greater than 650,000,000 bits/second." 

::= { qBridgeGroups 10 } 


qBridgeVlanHCStatisticsGroup OBJECT-GROUP 

OBJECTS { 
dotligqTpVlanPortHCInFrames, 
dotlqTpVlanPortHCOutFrames, 
dotlgqTpVlanPortHCInDiscards 

} 

STATUS current 

DESCRIPTION 
"A collection of objects providing per-port packet 
statistics for all VLANs currently configured on this 
device for high-capacity interfaces, defined as those 
that have the value of the corresponding instance of 
ifSpeed greater than 650,000,000 bits/second." 

::= { qBridgeGroups 11 } 


qBridgeLearningConstraintsGroup OBJECT-GROUP 
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OBJECTS { 
dotiqConstraintType, 
dotiqConstraintStatus 
} 
STATUS current 
DESCRIPTION 
"A collection of objects defining the Filtering Database 
constraints all VLANs have with each other." 
::= { qBridgeGroups 12 } 


qBridgeLearningConstraintDefaultGroup OBJECT-GROUP 

OBJECTS { 
dotiqConstraintSetDefault, 
dotiqConstraintTypeDefault 

} 

STATUS current 

DESCRIPTION 
"A collection of objects defining the default Filtering 
Database constraints for VLANS that have no specific 
constraints defined." 

::= { qBridgeGroups 13 } 


aBridgeClassificationDeviceGroup OBJECT-GROUP 
OBJECTS { 
dotivProtocolGroupld, 
dotlvProtocolGroupRowStatus 
} 
STATUS current 
DESCRIPTION 
"VLAN classification information for the bridge." 
::= { qBridgeGroups 14 } 


qBridgeClassificationPortGroup OBJECT-GROUP 
OBJECTS { 
dotivProtocolPortGroupVid, 
dotlvProtocolPortRowStatus 
} 
STATUS current 
DESCRIPTION 
"VLAN classification information for individual ports." 
::= { qBridgeGroups 15 } 


aBridgePortGroup2 OBJECT-GROUP 
OBJECTS { 
dotlqPvid, 
dotlqPortAcceptableFrameTypes, 
dotlqPortIngressFiltering, 
dotlqPortGvrpStatus, 
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dotiqPortGvrpFailedRegistrations, 
dotiqPortGvrpLastPduOrigin, 
dotlqPortRestrictedVlanRegistration 

} 

STATUS current 

DESCRIPTION 
"A collection of objects providing port-level VLAN 
control and status information for all ports." 

::= { qBridgeGroups 16 } 


aBridgeCompliance MODULE-COMPLIANCE 
STATUS deprecated 
DESCRIPTION 
"The compliance statement for device support of Virtual 
LAN Bridge services. 


RFC2674 was silent about the expected persistence of the 
read-write objects in this MIB module. Applications MUST 
NOT assume that the values of the read-write objects are 
persistent across reinitializations of the management 
system and MUST NOT assume that the values are not 
persistent across reinitializations of the management 
system." 


MODULE 
MANDATORY-GROUPS ( 
aBridgeBaseGroup, 
aBridgeVlanGroup, 
aBridgeVlanStaticGroup, 
qBridgePortGroup 


GROUP qBridgeFdbUnicastGroup 

DESCRIPTION 
"This group is mandatory for bridges that implement 
802.10 transparent bridging." 


GROUP qBridgeFdbMulticastGroup 

DESCRIPTION 
"This group is mandatory for bridges that implement 
802.10 transparent bridging." 


GROUP aBridgeServiceRequirementsGroup 
DESCRIPTION 
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"This group is mandatory for bridges that implement 
extended filtering services. All objects must be 
read-write if extended-filtering services are 
enabled." 


GROUP aBridgeFdbStaticGroup 
DESCRIPTION 
"This group is optional." 


GROUP qBridgeVlanStatisticsGroup 

DESCRIPTION 
"This group is optional as there may be significant 
implementation cost associated with its support." 


GROUP qBridgeVlanStatisticsOverflowGroup 

DESCRIPTION 
"This group is optional as there may be significant 
implementation cost associated with its support. It is most 


relevant for high-capacity interfaces where the SNMP agent 
supports only SNMPv1." 


GROUP qBridgeVlanHCStatisticsGroup 

DESCRIPTION 
"This group is optional as there may be significant 
implementation cost associated with its support. It is most 


relevant for high-capacity interfaces." 


GROUP qBridgeLearningConstraintsGroup 
DESCRIPTION 
"This group is mandatory for devices implementing 
both Independent VLAN Learning (IVL) and Shared 
VLAN Learning (SVL) modes of operation of the 
filtering database, as defined by IEEE 802.10." 


GROUP qBridgeLearningConstraintDefaultGroup 
DESCRIPTION 
"This group is mandatory for devices implementing 
both Independent VLAN Learning (IVL) and Shared 
VLAN Learning (SVL) modes of operation of the 
filtering database, as defined by IEEE 802.10." 


OBJECT dotlqPortAcceptableFrameTypes 
MIN-ACCESS read-only 
DESCRIPTION 


"Write access is not required as this is an optional 
capability in IEEE 802.10." 


OBJECT dotlqPortIngressFiltering 
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MIN-ACCESS read-only 

DESCRIPTION 
"Write access is not required as this is an optional 
capability in IEEE 802.10." 


OBJECT dotiqConstraintSetDefault 
MIN-ACCESS read-only 
DESCRIPTION 


"Write access is not required as this is an optional 
capability in IEEE 802.10." 


OBJECT dotiqConstraintTypeDefault 
MIN-ACCESS read-only 
DESCRIPTION 


"Write access is not required as this is an optional 
capability in IEEE 802.10." 


::= { qBridgeCompliances 1 } 


qBridgeCompliance2 MODULE-COMPLIANCE 
STATUS current 
DESCRIPTION 
"The compliance statement for device support of Virtual 
LAN Bridge services. 


This document clarifies the persistence requirements for 
the read-write objects in this MIB module. All 
implementations claiming compliance to qBridgeCompliance2 
MUST retain the values of those read-write objects that 
specify this requirement." 


MODULE 
MANDATORY-GROUPS { 
qBridgeBaseGroup, 
qBridgeVlanGroup, 
qBridgeVlanStaticGroup, 
qBridgePortGroup2 


GROUP qBridgeFdbUnicastGroup 

DESCRIPTION 
"This group is mandatory for bridges that implement 
802.10 transparent bridging." 


GROUP qBridgeFdbMulticastGroup 

DESCRIPTION 
"This group is mandatory for bridges that implement 
802.10 transparent bridging." 


Levi & Harrington Standards Track [Page 88] 


RFC 4363 Bridge MIB Extensions January 2006 


GROUP aBridgeServiceRequirementsGroup 
DESCRIPTION 
"This group is mandatory for bridges that implement 
extended filtering services. All objects must be 
read-write if extended-filtering services are 
enabled." 


GROUP aBridgeFdbStaticGroup 
DESCRIPTION 
"This group is optional." 


GROUP qBridgeVlanStatisticsGroup 

DESCRIPTION 
"This group is optional as there may be significant 
implementation cost associated with its support." 


GROUP aBridgeVlanStatisticsOverflowGroup 

DESCRIPTION 
"This group is optional as there may be significant 
implementation cost associated with its support. IE is most 


relevant for high-capacity interfaces where the SNMP agent 
supports only SNMPv1." 


GROUP aBridgeVlanHCStatisticsGroup 

DESCRIPTION 
"This group is optional as there may be significant 
implementation cost associated with its support. IE is most 


relevant for high-capacity interfaces." 


GROUP qBridgeLearningConstraintsGroup 
DESCRIPTION 
"This group is mandatory for devices implementing 
both Independent VLAN Learning (IVL) and Shared 
VLAN Learning (SVL) modes of operation of the 
filtering database, as defined by IEEE 802.10." 


GROUP qBridgeLearningConstraintDefaultGroup 
DESCRIPTION 
"This group is mandatory for devices implementing 
both Independent VLAN Learning (IVL) and Shared 
VLAN Learning (SVL) modes of operation of the 
filtering database, as defined by IEEE 802.10." 


GROUP qBridgeClassificationDeviceGroup 

DESCRIPTION 
"This group is mandatory ONLY for devices implementing 
VLAN Classification as specified in IEEE 802.1v." 
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GROUP qBridgeClassificationPortGroup 

DESCRIPTION 
"This group is mandatory ONLY for devices implementing 
VLAN Classification as specified in IEEE 802.1v." 


OBJECT dotlqPortAcceptableFrameTypes 
MIN-ACCESS read-only 
DESCRIPTION 


"Write access is not required as this is an optional 
capability in IEEE 802.10." 


OBJECT dotlqPortIngressFiltering 
MIN-ACCESS read-only 
DESCRIPTION 


"Write access is not required as this is an optional 
capability in IEEE 802.10." 


OBJECT dotiqConstraintSetDefault 
MIN-ACCESS read-only 
DESCRIPTION 


"Write access is not required as this is an optional 
capability in IEEE 802.10." 


OBJECT dotiqConstraintTypeDefault 
MIN-ACCESS read-only 
DESCRIPTION 


"Write access is not required as this is an optional 
capability in IEEE 802.10." 


OBJECT dotlvProtocolGroupld 
MIN-ACCESS read-only 
DESCRIPTION 


"Write access is not required as this is an optional 
capability in IEEE 802.1v." 


OBJECT dotlvProtocolGroupRowStatus 
MIN-ACCESS read-only 
DESCRIPTION 


"Write access is not required as this is an optional 
capability in IEEE 802.1v." 


::= { qBridgeCompliances 2 } 


END 
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Security Considerations 


There are a number of management objects defined in this MIB module 
with a MAX-ACCESS clause of read-write and/or read-create. Such 
objects may be considered sensitive or vulnerable in some network 
environments. The support for SET operations in a non-secure 
environment without proper protection can have a negative effect on 
network operations. These tables and objects and their 
sensitivity/vulnerability are described below. 


The following tables and objects in the P-BRIDGE-MIB can be 
manipulated to interfere with the operation of priority classes. 

This could, for example, be used to force a reinitialization of state 
machines, thus causing network instability. Another possibility 
would be for an attacker to override established policy on port 
priorities, thus giving a user (or an attacker) unauthorized 
preferential treatment. 


dotldTrafficClassesEnabled 
dotldGmrpStatus 
dotidPortPriorityTable 
dotidUserPriorityRegenTable 
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dotldTrafficClassTable 
dotidPortGarpTable 
dotidPortGmrpTable 


The following tables and objects in the Q-BRIDGE-MIB could be 
manipulated to interfere with the operation of virtual LANs. This 
could, for example, be used to force a reinitialization of state 
machines to cause network instability, or changing the forwarding and 
filtering policies. 


dotlqGvrpStatus 
dotlqForwardAllTable 
dotiqStaticUnicastTable 
dotiqStaticMulticastTable 
dotiqVlanStaticTable 
dotlqPortVlanTable 
dotiqLearningConstraintsTable 
dotivProtocolGroupTable 
dotlvProtocolPortTable 


Some of the readable objects in this MIB module (i.e., objects with a 
MAX-ACCESS other than not-accessible) may be considered sensitive or 
vulnerable in some network environments. It is thus important to 
control even GET and/or NOTIFY access to these objects and possibly 
to even encrypt the values of these objects when sending them over 
the network via SNMP. These are the tables and objects and their 
sensitivity/vulnerability. 


The objects dotldDeviceCapabilities and dotldPortCapabilitiesTable in 
the P-BRIDGE-MIB could be used by an attacker to determine which 
attacks might be useful to attempt against a given device. 


The following read-only tables and objects in the Q-BRIDGE-MIB could 
be used by an attacker to determine which attacks might be useful to 
attempt against a given device, could be used by an attacker to 
detect whether their attacks are being blocked or filtered, or could 
be used to understand the logical topology of the network. 


dotlqMaxVlanID 
dotlqMaxSupportedVlans 
dotlqNumVlans 

dotlqFdbTable 
dotlqTpFdbTable 
dotlqTpGroupTable 
dotlqVlanCurrentTable 
dotigPortVlanStatisticsTable 
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SNMP versions prior to SNMPv3 did not include adequate security. 

Even if the network itself is secure (for example by using IPSec), 
even then, there is no control as to who on the secure network is 
allowed to access and GET/SET (read/change/create/delete) the objects 
in this MIB module. 


It is RECOMMENDED that implementers consider the security features as 
provided by the SNMPv3 framework (see [RFC3410], section 8), 
including full support for the SNMPv3 cryptographic mechanisms (for 
authentication and privacy). 


Further, deployment of SNMP versions prior to SNMPv3 is NOT 
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 
enable cryptographic security. It is then a customer/operator 
responsibility to ensure that the SNMP entity giving access to an 
instance of this MIB module is properly configured to give access to 
the objects only to those principals (users) that have legitimate 
rights to indeed GET or SET (change/create/delete) them. 
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This is a revision of ISO/IEC 10038: 1993, 802.13-1992 
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P802.12e." ISO/IEC 15802-3: 1998. 
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Metropolitan Area Networks: Virtual Bridged Local Area 
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IEEE 802.1t-2001, "(Amendment to IEEE Standard 802.1D) 
IEEE Standard for Information technology - 
Telecommunications and information exchange between 
systems - Local and metropolitan area networks - Common 
specifications - Part 3: Media Access Control (MAC) 
Bridges: Technical and Editorial Corrections". 


IEEE 802.1u-2001, "(Amendment to IEEE Standard 802.10) 
IEEE Standard for Local and metropolitan area networks - 
Virtual Bridged Local Area Networks - Amendment 1: 
Technical and Editorial Corrections". 


IEEE 802.1v-2001, "(Amendment to IEEE Standard 802.10) 
IEEE Standards for Local and Metropolitan Area Networks: 
Virtual Bridged Local Area Networks-—Amendment 2: VLAN 
Classification by Protocol and Port". 
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Appendix A. Email from Tony Jeffrey from IEEE 


————— Original Message----- 

From: Tony Jeffree [mailto:tony@jeffree.co.uk] 
Sent: Friday, 6th of June 2003 17:16 

To: Wijnen, Bert (Bert) [mailto:bwijnentlucent.com] 
Subject: RE: VLAn ID 


Bert et al - 


We have concluded that the use of 4095 as a wildcard is acceptable 
to 802.1, and we will make any necessary changes to 802.10 in due 
course to relax the current stated restriction. However, we need 
to know whether that is all that needs to be done to 802.10 - i.e., 
is there any need to change our definitions of the managed objects 
in the document (Clause 12) to reflect the interpretation of 4095 
as a wildcard, or is this simply an issue for the SNMP machinery 
to handle? 


Regards, 
Tony 


Levi & Harrington Standards Track [Page 96] 


RFC 4363 Bridge MIB Extensions January 2006 


Authors’ Adresses 


David Levi 

Nortel Networks 

4655 Great America Parkway 
Santa Clara, CA 95054 

USA 


Phone: +1 865 686 0432 
EMail: dlevi@nortel.com 


David Harrington 
Effective Software 
50 Harding Rd. 
Portsmouth, NH 03801 
USA 


Phone: +1 603 436 8634 
EMail: ietfdbh@comcast.net 


Vivian Ngai 
Salt lake City, UT 
USA 


EMail: vivian_ngai@acm.org 


Les Bell 

Hemel Hempstead 
Herts. HP2 7YU 
UK 


EMail: elbell@ntlworld.com 


Andrew Smith 

Beijing Harbour Networks 
Jiuling Building 

21 North Xisanhuan Ave. 
Beijing, 100089 

PRC 


Fax: +1 415 345 1827 
EMail: ah_smith@acm.org 


Levi & Harrington Standards Track [Page 97] 


RFC 4363 Bridge MIB Extensions January 2006 


Paul Langille 
Newbridge Networks 
5 Corporate Drive 
Andover, MA 01810 
USA 


Phone: +1 978 691 4665 
EMail: langille@newbridge.com 


Anil Rijhsinghani 

Accton Technology Corporation 
5 Mount Royal Ave 

Marlboro, MA 01752 

USA 

EMail: anil@accton.com 


Keith McCloghrie 

Cisco Systems, Inc. 

170 West Tasman Drive 
San Jose, CA 95134-1706 
USA 


Phone: +1 408 526 5260 
EMail: kzm@cisco.com 


Levi & Harrington Standards Track [Page 98] 


RFC 4363 Bridge MIB Extensions January 2006 


Full Copyright Statement 
Copyright (C) The Internet Society (2006). 


This document is subject to the rights, licenses and restrictions 
contained in BCP 78, and except as set forth therein, the authors 
retain all their rights. 


This document and the information contained herein are provided on an 
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 


Intellectual Property 


The IETF takes no position regarding the validity or scope of any 
Intellectual Property Rights or other rights that might be claimed to 
pertain to the implementation or use of the technology described in 
this document or the extent to which any license under such rights 
might or might not be available; nor does it represent that it has 
made any independent effort to identify any such rights. Information 
on the procedures with respect to rights in RFC documents can be 
found in BCP 78 and BCP 79. 


Copies of IPR disclosures made to the IETF Secretariat and any 
assurances of licenses to be made available, or the result of an 
attempt made to obtain a general license or permission for the use of 
such proprietary rights by implementers or users of this 
specification can be obtained from the IETF on-line IPR repository at 
http://www.ietf.org/ipr. 


The IETF invites any interested party to bring to its attention any 
copyrights, patents or patent applications, or other proprietary 
rights that may cover technology that may be required to implement 
this standard. Please address the information to the IETF at 
ietf-ipr@ietf.org. 


Acknowledgement 


Funding for the RFC Editor function is provided by the IETF 
Administrative Support Activity (IASA). 


Levi & Harrington Standards Track [Page 99] 


